From: Dmitry Stogov Date: Thu, 17 Jul 2008 14:05:07 +0000 (+0000) Subject: Fixed search on uninitialized data X-Git-Tag: php-5.3.0alpha1~304 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=67b77b06e5c7fbd9e9c82a9abcbcbd2aabf5259f;p=php Fixed search on uninitialized data
---
diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index db5b80f1e1..ac370af532 100644
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -1427,7 +1427,9 @@ static inline char *phar_strnstr(const char *buf, int buf_len, const char *searc
 const char *c;
 int so_far = 0;
- /* this assumes buf_len > search_len */
+ if (buf_len < search_len) {
+ return NULL;
+ }
 c = buf - 1;
 do {
 if (!(c = memchr(c + 1, search[0], buf_len - search_len - so_far))) {
@@ -1579,7 +1581,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, int fname_len, char *a
 }
 }
 }
- if ((pos = phar_strnstr(buffer, 1024 + sizeof(token), token, sizeof(token)-1)) != NULL) {
+ if (got > 0 && (pos = phar_strnstr(buffer, got + sizeof(token), token, sizeof(token)-1)) != NULL) {
 halt_offset += (pos - buffer); /* no -tokenlen+tokenlen here */
 return phar_parse_pharfile(fp, fname, fname_len, alias, alias_len, halt_offset, pphar, compression, error TSRMLS_CC);
 }
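Review bot: The new guard in phar_strnstr rejects only `buf_len < search_len`, so a zero or negative `search_len` still reaches `search[0]` and the `memchr` call, where the signed result of `buf_len - search_len - so_far` is converted to `size_t`. Since `buf_len` is declared `int`, I would tighten the check to `if (search_len <= 0 || buf_len < search_len) return NULL;` so that no negative or wrapped length can become the scan size. Note also that with `buf_len == search_len` the first `memchr` length is 0, so a needle that fills the whole buffer does not appear to be found; whether that is intended depends on the rest of the loop, which continues outside the hunk. The removed comment was the only statement of the precondition, so a short replacement such as `/* returns NULL unless 0 < search_len <= buf_len */` would keep the contract documented.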
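Review bot: The length passed to phar_strnstr is `got + sizeof(token)` while the needle length in the same call is `sizeof(token)-1`, so the two disagree by the token's terminating NUL. If the bytes carried over at the front of `buffer` number `sizeof(token)-1` (the read that fills `buffer` is outside this hunk, so this cannot be confirmed here), the search window is one byte longer than the data actually written, which is the same class of read on unfilled memory this commit sets out to remove; `got + sizeof(token) - 1` would then be the matching bound. The sum is also `size_t` arithmetic narrowed to the `int buf_len` parameter, which is harmless for a buffer of this size but worth an explicit `(int)` cast. A one-line comment above the condition describing the layout, for example `/* buffer = carried-over token prefix + got bytes just read */`, would make the bound checkable by the next reader.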