From: Ilia Alshanetsky Date: Mon, 23 Nov 2009 04:12:36 +0000 (+0000) Subject: Extend the previously added large string concatenation validation X-Git-Tag: php-5.2.12RC2~28 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=54727670c3c1936aac1f215d587661b703427fd6;p=php Extend the previously added large string concatenation validation --- diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c index 4d9210d0e6..bedef805bd 100644 --- a/Zend/zend_operators.c +++ b/Zend/zend_operators.c @@ -1203,7 +1203,7 @@ ZEND_API int concat_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) if (result==op1) { /* special case, perform operations on result */ uint res_len = op1->value.str.len + op2->value.str.len; - if (Z_STRLEN_P(result) < 0) { + if (Z_STRLEN_P(result) < 0 || (int) (Z_STRLEN_P(op1) + Z_STRLEN_P(op2)) < 0) { efree(Z_STRVAL_P(result)); ZVAL_EMPTY_STRING(result); zend_error(E_ERROR, "String size overflow");