From: Anatol Belski Date: Tue, 5 Jul 2016 13:43:01 +0000 (+0200) Subject: fix datatypes and add range checks X-Git-Tag: php-7.1.0alpha3~8 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=28ed30df53ad694530961b4fc817900190bbbb86;p=php fix datatypes and add range checks --- diff --git a/ext/intl/dateformat/dateformat_parse.c b/ext/intl/dateformat/dateformat_parse.c index 2ba5e3089d..81a432e1af 100644 --- a/ext/intl/dateformat/dateformat_parse.c +++ b/ext/intl/dateformat/dateformat_parse.c @@ -130,7 +130,7 @@ PHP_FUNCTION(datefmt_parse) char* text_to_parse = NULL; size_t text_len =0; zval* z_parse_pos = NULL; - zend_long parse_pos = -1; + int32_t parse_pos = -1; DATE_FORMAT_METHOD_INIT_VARS; @@ -147,7 +147,12 @@ PHP_FUNCTION(datefmt_parse) if (z_parse_pos) { ZVAL_DEREF(z_parse_pos); convert_to_long(z_parse_pos); - parse_pos = Z_LVAL_P(z_parse_pos); + if (ZEND_LONG_INT_OVFL(Z_LVAL_P(z_parse_pos))) { + intl_error_set_code(NULL, U_ILLEGAL_ARGUMENT_ERROR); + intl_error_set_custom_msg(NULL, "Input string is too long.", 0); + RETURN_FALSE; + } + parse_pos = (int32_t)Z_LVAL_P(z_parse_pos); if((size_t)parse_pos > text_len) { RETURN_FALSE; } @@ -169,7 +174,7 @@ PHP_FUNCTION(datefmt_localtime) char* text_to_parse = NULL; size_t text_len =0; zval* z_parse_pos = NULL; - zend_long parse_pos = -1; + int32_t parse_pos = -1; DATE_FORMAT_METHOD_INIT_VARS; @@ -186,7 +191,12 @@ PHP_FUNCTION(datefmt_localtime) if (z_parse_pos) { ZVAL_DEREF(z_parse_pos); convert_to_long(z_parse_pos); - parse_pos = Z_LVAL_P(z_parse_pos); + if (ZEND_LONG_INT_OVFL(Z_LVAL_P(z_parse_pos))) { + intl_error_set_code(NULL, U_ILLEGAL_ARGUMENT_ERROR); + intl_error_set_custom_msg(NULL, "Input string is too long.", 0); + RETURN_FALSE; + } + parse_pos = (int32_t)Z_LVAL_P(z_parse_pos); if((size_t)parse_pos > text_len) { RETURN_FALSE; }