MFH: fix #40915 (addcslashes unexpected behavior with binary input)

diff --git a/NEWS b/NEWS
index 094ec69c5c362c1c7c0a2bf262324c32a1c3a9bb..3f01aedff1ce9700960a2d5328921bd97e128207 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,7 @@ PHP 4                                                                      NEWS
 - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre)
 - Fixed CVE-2007-0455, Buffer overflow in gdImageStringFTEx (used by imagettf
   function) (Kees Cook, Pierre)
+- Fixed bug #40915 (addcslashes unexpected behavior with binary input). (Tony)
 - Fixed bug #40831 (cURL extension doesn't clean up the buffer of reused 
   handle). (Tony)
 - Fixed bug #40747 (possible crash in session when save_path is out of 

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 5e671016d9d81eaa037c2aaa086b1a7866b641eb..7388eb98f80dc8e99b5277d2627f81fa030d37a6 100644 (file)
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -2220,11 +2220,8 @@ PHP_FUNCTION(addcslashes)
                RETURN_STRINGL(Z_STRVAL_PP(str), Z_STRLEN_PP(str), 1);
        }
 
-       RETURN_STRING(php_addcslashes(Z_STRVAL_PP(str), 
-                                     Z_STRLEN_PP(str), 
-                                     &Z_STRLEN_P(return_value), 0, 
-                                     Z_STRVAL_PP(what),
-                                     Z_STRLEN_PP(what) TSRMLS_CC), 0);
+       Z_STRVAL_P(return_value) = php_addcslashes(Z_STRVAL_PP(str), Z_STRLEN_PP(str), &Z_STRLEN_P(return_value), 0, Z_STRVAL_PP(what), Z_STRLEN_PP(what) TSRMLS_CC);
+       RETURN_STRINGL(Z_STRVAL_P(return_value), Z_STRLEN_P(return_value), 0);
 }
 /* }}} */