From: Anatol Belski Date: Wed, 27 Apr 2016 10:30:34 +0000 (+0200) Subject: Merge branch 'PHP-7.0' X-Git-Tag: php-7.1.0alpha1~262 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1a154c7db5685361a14e4f2985a292f6cfc3a7bf;p=php Merge branch 'PHP-7.0' * PHP-7.0: fix merge Fix memory leak Fix bug #72099: xml_parse_into_struct segmentation fault 5.5.36 now Fix bug #72094 - Out of bounds heap read access in exif header processing Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset Fix for bug #71912 (libgd: signedness vulnerability) Typo in NEWS --- 1a154c7db5685361a14e4f2985a292f6cfc3a7bf diff --cc ext/intl/grapheme/grapheme_string.c index 9fb4e35405,5687e3e260..0735a7e822 --- a/ext/intl/grapheme/grapheme_string.c +++ b/ext/intl/grapheme/grapheme_string.c @@@ -134,21 -135,20 +135,21 @@@ PHP_FUNCTION(grapheme_strpos RETURN_FALSE; } + if (offset >= 0) { + /* quick check to see if the string might be there + * I realize that 'offset' is 'grapheme count offset' but will work in spite of that + */ - found = php_memnstr(haystack + offset, needle, needle_len, haystack + haystack_len); ++ found = php_memnstr(haystack + noffset, needle, needle_len, haystack + haystack_len); - /* quick check to see if the string might be there - * I realize that 'offset' is 'grapheme count offset' but will work in spite of that - */ - found = php_memnstr(haystack + noffset, needle, needle_len, haystack + haystack_len); - - /* if it isn't there the we are done */ - if (!found) { - RETURN_FALSE; - } + /* if it isn't there the we are done */ + if (!found) { + RETURN_FALSE; + } - /* if it is there, and if the haystack is ascii, we are all done */ - if ( grapheme_ascii_check((unsigned char *)haystack, haystack_len) >= 0 ) { - RETURN_LONG(found - haystack); + /* if it is there, and if the haystack is ascii, we are all done */ + if ( grapheme_ascii_check((unsigned char *)haystack, haystack_len) >= 0 ) { + RETURN_LONG(found - haystack); + } } /* do utf16 part of the strpos */