From: Andrei Zmievski <andrei@php.net>
Date: Mon, 2 Oct 2006 19:58:15 +0000 (+0000)
Subject: More offset fixes. Added E_NOTICE where appropriate.
X-Git-Tag: php-5.2.0RC5~46
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=007c6ff8d9eabe5c8d682a348681bf9ee27074f1;p=php

More offset fixes. Added E_NOTICE where appropriate.
---

diff --git a/ext/standard/string.c b/ext/standard/string.c
index a59115765f..e2e10b005a 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -1768,12 +1768,14 @@ PHP_FUNCTION(strrpos)
 
 	if (offset >= 0) {
 		if (offset > haystack_len) {
+			php_error(E_NOTICE, "Offset is greater than the length of haystack string");
 			RETURN_FALSE;
 		}
 		p = haystack + offset;
 		e = haystack + haystack_len - needle_len;
 	} else {
 		if (-offset > haystack_len) {
+			php_error(E_NOTICE, "Offset is greater than the length of haystack string");
 			RETURN_FALSE;
 		}
 
@@ -1841,12 +1843,17 @@ PHP_FUNCTION(strripos)
 		/* Single character search can shortcut memcmps 
 		   Can also avoid tolower emallocs */
 		if (offset >= 0) {
+			if (offset > haystack_len) {
+				php_error(E_NOTICE, "Offset is greater than the length of haystack string");
+				RETURN_FALSE;
+			}
 			p = haystack + offset;
 			e = haystack + haystack_len - 1;
 		} else {
 			p = haystack;
 			if (-offset > haystack_len) {
-				e = haystack + haystack_len - 1;
+				php_error(E_NOTICE, "Offset is greater than the length of haystack string");
+				RETURN_FALSE;
 			} else {
 				e = haystack + haystack_len + offset;
 			}
@@ -1868,13 +1875,19 @@ PHP_FUNCTION(strripos)
 	php_strtolower(haystack_dup, haystack_len);
 
 	if (offset >= 0) {
+		if (offset > haystack_len) {
+			php_error(E_NOTICE, "Offset is greater than the length of haystack string");
+			RETURN_FALSE;
+		}
 		p = haystack_dup + offset;
 		e = haystack_dup + haystack_len - needle_len;
 	} else {
-		p = haystack_dup;
 		if (-offset > haystack_len) {
-			e = haystack_dup - needle_len;
-		} else if (needle_len > -offset) {
+			php_error(E_NOTICE, "Offset is greater than the length of haystack string");
+			RETURN_FALSE;
+		}
+		p = haystack_dup;
+		if (needle_len > -offset) {
 			e = haystack_dup + haystack_len - needle_len;
 		} else {
 			e = haystack_dup + haystack_len + offset;