From: Stefan Esser
Date: Wed, 23 Feb 2005 18:26:39 +0000 (+0000)
Subject: Correcting bounds check before someone uses this code
X-Git-Tag: RELEASE_0_3~229
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0ef1f50383f6a4db61a4aab0f2f2cff319b5643b;p=php
Correcting bounds check before someone uses this code
---
diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c
index 0c07a60700..376536e538 100644
--- a/ext/standard/var_unserializer.c
+++ b/ext/standard/var_unserializer.c
@@ -290,7 +290,7 @@ static inline int object_custom(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
 (*p) += 2;
- if((*p) + datalen >= max) {
+ if(datalen < 0 || (*p) + datalen >= max) {
 zend_error(E_WARNING, "Unsifficient data for unserializing - %d required, %d present", datalen, max - (*p));
 return 0;
 }
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index d175731786..cd04a3b111 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -294,7 +294,7 @@ static inline int object_custom(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
 (*p) += 2;
- if((*p) + datalen >= max) {
+ if(datalen < 0 || (*p) + datalen >= max) {
 zend_error(E_WARNING, "Unsifficient data for unserializing - %d required, %d present", datalen, max - (*p));
 return 0;
 }
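Review bot: The second half of the new condition, `(*p) + datalen >= max`, still builds a pointer from the input-derived `datalen` before comparing it, so a large positive length can push `(*p) + datalen` beyond the end of the buffer; that is undefined behaviour, and on a narrow address space the sum may wrap below `max` and let the check pass. Assuming `*p` and `max` point into the same buffer (the `max - (*p)` in the warning suggests so), comparing the length with the bytes remaining avoids forming the out-of-range pointer: `if(datalen < 0 || datalen >= max - (*p)) {`. The identical line is in both the `var_unserializer.c` hunk and the `var_unserializer.re` hunk, and both need the change; if the `.c` file is generated from the `.re` file, edit the `.re` and regenerate. The `zend_error` call also passes the pointer difference `max - (*p)` to `%d`, which does not match where that difference is wider than `int`; an explicit `(int)` cast or a matching specifier would fix it. The body of `object_custom` starts and ends outside both hunks, so the declaration of `datalen` and the later use of the checked range are not visible here.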