From: Mateusz Kocielski <shm@php.net>
Date: Tue, 18 Mar 2014 07:48:41 +0000 (+0100)
Subject: Fixed off-by-one in php_url_parse_ex
X-Git-Tag: php-5.4.27RC1~3^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=46566b78c9811b24e9339a6652e26bbf48a80585;p=php

Fixed off-by-one in php_url_parse_ex

Change order of condition, previously pointer could be derefrenced before
bound check was done.
---

diff --git a/ext/standard/url.c b/ext/standard/url.c
index fd5bcb402e..1c158071e1 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -263,7 +263,7 @@ PHPAPI php_url *php_url_parse_ex(char const *str, int length)
 	} else {
 		/* memrchr is a GNU specific extension
 		   Emulate for wide compatability */
-		for(p = e; *p != ':' && p >= s; p--);
+		for(p = e; p >= s && *p != ':'; p--);
 	}
 
 	if (p >= s && *p == ':') {