MFH

diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c
index 5782e2cd9365c559ccaf3b0794697b1146533861..d95a31dace118fcb65e1383d814ebed91ccdbb04 100644 (file)
--- a/ext/standard/var_unserializer.c
+++ b/ext/standard/var_unserializer.c
@@ -83,7 +83,7 @@ static int var_access(php_unserialize_data_t *var_hashx, int id, zval ***store)
 
        if (!var_hash) return !SUCCESS;
 
-       if (id >= var_hash->used_slots) return !SUCCESS;
+       if (id < 0 || id >= var_hash->used_slots) return !SUCCESS;
 
        *store = &var_hash->data[id];
 

diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index c57de7ae03f4e8f51aaec905c0b7ecc9af955d2a..5da3eb3e1bf3b62e11d562f91ec0864998e8942a 100644 (file)
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -81,7 +81,7 @@ static int var_access(php_unserialize_data_t *var_hashx, int id, zval ***store)
 
        if (!var_hash) return !SUCCESS;
 
-       if (id >= var_hash->used_slots) return !SUCCESS;
+       if (id < 0 || id >= var_hash->used_slots) return !SUCCESS;
 
        *store = &var_hash->data[id];
 

diff --git a/main/safe_mode.c b/main/safe_mode.c
index 9271610f9bdf223fa55c9a236300b2c490182572..12403077d45621a3aacdd3303ca8b87430273129 100644 (file)
--- a/main/safe_mode.c
+++ b/main/safe_mode.c
@@ -55,13 +55,16 @@ PHPAPI int php_checkuid_ex(const char *filename, char *fopen_mode, int mode, int
        php_stream_wrapper *wrapper = NULL;
        TSRMLS_FETCH();
 
-       strlcpy(filenamecopy, filename, MAXPATHLEN);
-       filename=(char *)&filenamecopy;
-
        if (!filename) {
                return 0; /* path must be provided */
        }
 
+       if (strlcpy(filenamecopy, filename, MAXPATHLEN)>=MAXPATHLEN) {
+               return 0;
+       }
+       filename=(char *)&filenamecopy;
+
+
        if (fopen_mode) {
                if (fopen_mode[0] == 'r') {
                        mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS;