From: Ilia Alshanetsky Date: Wed, 28 Jul 2004 23:21:54 +0000 (+0000) Subject: Fixed possible crash in stream_socket_recvfrom() when length parameter has X-Git-Tag: PRE_ZEND_VM_DISPATCH_PATCH~329 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=445daac3ab1aa26ad95f9c75177f1ae604f75d1d;p=php Fixed possible crash in stream_socket_recvfrom() when length parameter has a negative value.
---
diff --git a/ext/standard/streamsfuncs.c b/ext/standard/streamsfuncs.c
index 1e889f0b8a..db4d261345 100644
--- a/ext/standard/streamsfuncs.c
+++ b/ext/standard/streamsfuncs.c
@@ -317,6 +317,11 @@ PHP_FUNCTION(stream_socket_recvfrom)
 ZVAL_NULL(zremote);
 Z_STRLEN_P(zremote) = 0;
 }
+
+ if (to_read <= 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be greater than 0.");
+ RETURN_FALSE;
+ }
 read_buf = emalloc(to_read + 1);
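Review bot: The added guard bounds `to_read` only from below, so the largest positive value still reaches `emalloc(to_read + 1)` on the context line that follows it. If `to_read` is a signed long taken from the script's length argument (its declaration is outside this hunk), `to_read + 1` overflows for the maximum value, which is undefined behaviour and can produce a wrong allocation size. I would extend the condition to `if (to_read <= 0 || to_read >= LONG_MAX) {`, or to a smaller project-defined cap, and reword the warning to mention the upper limit. The body of PHP_FUNCTION(stream_socket_recvfrom) starts before and continues after the hunk, so how `read_buf` is filled and terminated cannot be checked from here.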