Avoid address calculation overflow

author Nikita Popov <nikita.ppv@gmail.com>

Thu, 20 Jun 2019 11:06:56 +0000 (13:06 +0200)

committer Nikita Popov <nikita.ppv@gmail.com>

Thu, 20 Jun 2019 14:22:04 +0000 (16:22 +0200)
author Nikita Popov <nikita.ppv@gmail.com>
Thu, 20 Jun 2019 11:06:56 +0000 (13:06 +0200)
committer Nikita Popov <nikita.ppv@gmail.com>
Thu, 20 Jun 2019 14:22:04 +0000 (16:22 +0200)
diff --git a/ext/standard/string.c b/ext/standard/string.c

index 1fcbe1e49389d6bee38509e33cf8d3db0a6ade63..a40a2c36cac5f8d624da50ae09c7c3ffb5e1ce24 100644 (file)
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -2196,7 +2196,7 @@ PHP_FUNCTION(strripos)
                                 php_error_docref(NULL, E_WARNING, "Offset is greater than the length of haystack string");
                                 RETURN_FALSE;
                         }
-                       e = ZSTR_VAL(haystack) + ZSTR_LEN(haystack) + (size_t)offset;
+                       e = ZSTR_VAL(haystack) + (ZSTR_LEN(haystack) + (size_t)offset);
                 }
                 /* Borrow that ord_needle buffer to avoid repeatedly tolower()ing needle */
                 *ZSTR_VAL(ord_needle) = tolower(*ZSTR_VAL(needle));
author	Nikita Popov <nikita.ppv@gmail.com>
	Thu, 20 Jun 2019 11:06:56 +0000 (13:06 +0200)
committer	Nikita Popov <nikita.ppv@gmail.com>
	Thu, 20 Jun 2019 14:22:04 +0000 (16:22 +0200)