From: Stanislav Malyshev Date: Fri, 4 Nov 2016 05:53:05 +0000 (-0700) Subject: Merge branch 'PHP-7.0' into PHP-7.1 X-Git-Tag: php-7.1.0RC6~24 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=25d04ad8e3e4b415645f982178a274f7a36eeef6;p=php Merge branch 'PHP-7.0' into PHP-7.1 * PHP-7.0: Add length check for bzcompress too - fix for bug #73356 More string length checks & fixes More string length checks & fixes --- 25d04ad8e3e4b415645f982178a274f7a36eeef6 diff --cc ext/intl/locale/locale_methods.c index e35da2fd05,12cf6c1ce3..6a5cd2e3cb --- a/ext/intl/locale/locale_methods.c +++ b/ext/intl/locale/locale_methods.c @@@ -258,16 -258,19 +258,19 @@@ PHP_NAMED_FUNCTION(zif_locale_set_defau */ static zend_string* get_icu_value_internal( const char* loc_name , char* tag_name, int* result , int fromParseLocale) { - zend_string* tag_value = NULL; - int32_t tag_value_len = 512; + zend_string* tag_value = NULL; + int32_t tag_value_len = 512; - int singletonPos = 0; - char* mod_loc_name = NULL; - int grOffset = 0; + zend_off_t singletonPos = 0; + char* mod_loc_name = NULL; + zend_off_t grOffset = 0; - int32_t buflen = 512; - UErrorCode status = U_ZERO_ERROR; + int32_t buflen = 512; + UErrorCode status = U_ZERO_ERROR; + if (strlen(loc_name) > INTL_MAX_LOCALE_LEN) { + return NULL; + } if( strcmp(tag_name, LOC_CANONICALIZE_TAG) != 0 ){ /* Handle grandfathered languages */