From: Stanislav Malyshev <stas@php.net>
Date: Mon, 12 Sep 2016 03:58:55 +0000 (-0700)
Subject: Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
X-Git-Tag: php-7.1.0RC2~18^2^2~7
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7381d4c00e32d86573b55540d379ef0c6da3c09d;p=php

Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
---

diff --git a/ext/standard/file.c b/ext/standard/file.c
index 440276ab6e..067f9614eb 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -2301,6 +2301,10 @@ PHPAPI void php_fgetcsv(php_stream *stream, char delimiter, char enclosure, char
 
 		/* 3. Now pass our field back to php */
 		*comp_end = '\0';
+		if (UNEXPECTED((comp_end - temp) > INT_MAX)) {
+			zend_error_noreturn(E_WARNING, "String overflow, max size is %d", INT_MAX);
+			break;
+		}
 		add_next_index_stringl(return_value, temp, comp_end - temp, 1);
 	} while (inc_len > 0);