From: Anatol Belski <ab@php.net>
Date: Thu, 13 Aug 2015 16:16:26 +0000 (+0200)
Subject: Fixed bug #70239 Creating a huge array doesn't result in exhausted, but segfault
X-Git-Tag: php-7.0.0RC1~7^2~24
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=01ee09f3f70284183679d403d2a2ae1928689573;p=php

Fixed bug #70239 Creating a huge array doesn't result in exhausted, but segfault
---

diff --git a/ext/standard/array.c b/ext/standard/array.c
index 14c4ef5311..ddbbe4cafe 100644
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -1740,6 +1740,11 @@ double_str:
 		high = zval_get_double(zhigh);
 		i = 0;
 
+		if (zend_isinf(high) || zend_isinf(low)) {
+			php_error_docref(NULL, E_WARNING, "Invalid range supplied: start=%0.0f end=%0.0f", low, high);
+			RETURN_FALSE;
+		}
+
 		Z_TYPE_INFO(tmp) = IS_DOUBLE;
 		if (low > high) { 		/* Negative steps */
 			if (low - high < step || step <= 0) {