]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: 89d1e6b 527ad1d)
Merge branch 'PHP-7.4'
authorNikita Popov <nikita.ppv@gmail.com>
Thu, 19 Dec 2019 10:48:20 +0000 (11:48 +0100)
committerNikita Popov <nikita.ppv@gmail.com>
Thu, 19 Dec 2019 10:48:20 +0000 (11:48 +0100)
* PHP-7.4:
  Avoid signed integer overflow in string offset check

1  2 
Zend/zend_execute.c patch | diff1 | diff2 | blob | history

diff --cc Zend/zend_execute.c
index 95b9dfc1cce67af851d372792a5b49e57b7a1793,9ae73caae1fd254964aec6388bb74a08129a79cf..6620a71e911894a834ad619239b5489a420e9100
--- 1/Zend/zend_execute.c
--- 2/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@@ -2356,9 -2369,9 +2356,9 @@@ try_string_offset
                        offset = Z_LVAL_P(dim);
                }
  
-               if (UNEXPECTED(Z_STRLEN_P(container) < (size_t)((offset < 0) ? -offset : (offset + 1)))) {
+               if (UNEXPECTED(Z_STRLEN_P(container) < ((offset < 0) ? -(size_t)offset : ((size_t)offset + 1)))) {
                        if (type != BP_VAR_IS) {
 -                              zend_error(E_NOTICE, "Uninitialized string offset: " ZEND_LONG_FMT, offset);
 +                              zend_error(E_WARNING, "Uninitialized string offset: " ZEND_LONG_FMT, offset);
                                ZVAL_EMPTY_STRING(result);
                        } else {
                                ZVAL_NULL(result);
Unnamed repository; edit this file 'description' to name the repository.