]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 25bd11c)
Fix bug #70480 (php_url_parse_ex() buffer overflow read)
authorStanislav Malyshev <stas@php.net>
Mon, 28 Sep 2015 18:31:14 +0000 (11:31 -0700)
committerLior Kaplan <kaplanlior@gmail.com>
Tue, 5 Jul 2016 08:59:02 +0000 (10:59 +0200)
(cherry picked from commit 629e4da7cc8b174acdeab84969cbfc606a019b31)

ext/standard/url.c patch | blob | history

diff --git a/ext/standard/url.c b/ext/standard/url.c
index fc3f080a41b6f581e88c43595f72a063cfda0ec5..b5739f0d7aeca6817cafcf3d1030ebae5f95e2f5 100644 (file)
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -320,7 +320,7 @@ PHPAPI php_url *php_url_parse_ex(char const *str, int length)
        nohost:
 
        if ((p = memchr(s, '?', (ue - s)))) {
-               pp = strchr(s, '#');
+               pp = memchr(s, '#', (ue - s));
 
                if (pp && pp < p) {
                        if (pp - s) {
Unnamed repository; edit this file 'description' to name the repository.