. Fixed bug #75015 (Crash in recursive iterator destructors). (Julien)
- Standard:
+ . Fixed bug #75075 (unpack with X* causes infinity loop). (Laruence)
. Fixed bug #74103 (heap-use-after-free when unserializing invalid array
size). (Nikita)
. Fixed bug #75054 (A Denial of Service Vulnerability was found when
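Review bot: The added NEWS line for #75075 says "infinity loop"; unless that is deliberately mirroring the bug report title, "infinite loop" reads better, and the same wording is repeated in the --TEST-- title of the new test file, so both should be changed together if it is changed at all.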
/* Never use any input */
case 'X':
size = -1;
+ if (arg < 0) {
+ php_error_docref(NULL, E_WARNING, "Type %c: '*' ignored", type);
+ arg = 1;
+ }
break;
case '@':
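Review bot: In case 'X', the new branch sets arg = 1 while the warning text says the '*' was "ignored", so X* still performs one back-up step rather than none; a one-line comment stating why 1 is the chosen fallback (and that a negative arg must not reach the code after the switch) would make the intent clear. It is also worth confirming whether the other codes that consume no input, such as case '@' directly below, can be reached with arg < 0 and need the same guard, since this hunk only covers 'X'.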
--- /dev/null
+--TEST--
+Bug #75075 (unpack with X* causes infinity loop)
+--FILE--
+<?php
+var_dump(unpack("X*", ""));
+?>
+--EXPECTF--
+Warning: unpack(): Type X: '*' ignored in %sbug75075.php on line %d
+array(0) {
+}
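Review bot: The test only exercises unpack("X*", "") on an empty string, which proves the call returns but not how the arg = 1 fallback behaves on real data. Consider adding a case with non-empty input where X* sits between two other format codes, so the test pins down that the position after the warning is what the following code expects and that exactly one warning is emitted.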