. Implemented the RFC `Fix "foreach" behavior`. (Dmitry)
. Implemented the RFC `Generator Delegation`. (Bob)
. Implemented the RFC ` Anonymous Class Support`. (Joe, Nikita, Dmitry)
+ . Fixed bug #69511 (Off-by-one buffer overflow in php_sys_readlink).
+ (Jan Starke, Anatol)
- Curl:
. Fixed bug #68937 (Segfault in curl_multi_exec). (Laruence)
typedef BOOL (WINAPI *gfpnh_func)(HANDLE, LPTSTR, DWORD, DWORD);
gfpnh_func pGetFinalPathNameByHandle;
+ if (!target_len) {
+ return -1;
+ }
+
kernel32 = LoadLibrary("kernel32.dll");
if (kernel32) {
return -1;
}
- dwRet = pGetFinalPathNameByHandle(hFile, target, MAXPATHLEN, VOLUME_NAME_DOS);
- if(dwRet >= MAXPATHLEN || dwRet == 0) {
+ /* Despite MSDN has documented it won't to, the length returned by
+ GetFinalPathNameByHandleA includes the length of the
+ null terminator. This behavior is at least reproducible
+ with VS2012 and earlier, and seems not to be fixed till
+ now. Thus, correcting target_len so it's suddenly don't
+ overflown. */
+ dwRet = pGetFinalPathNameByHandle(hFile, target, target_len - 1, VOLUME_NAME_DOS);
+ if(dwRet >= target_len || dwRet >= MAXPATHLEN || dwRet == 0) {
return -1;
}
projects / php / commitdiff