From: Anatol Belski <ab@php.net>
Date: Tue, 12 Jan 2016 09:17:32 +0000 (+0100)
Subject: fix possible buffer overrun in the errmsg string
X-Git-Tag: php-7.0.3RC1~33
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8e7c469f8247c02196fc366f6023231d276b2319;p=php

fix possible buffer overrun in the errmsg string
---

diff --git a/ext/interbase/interbase.c b/ext/interbase/interbase.c
index 21a0243b43..3dfdac326f 100644
--- a/ext/interbase/interbase.c
+++ b/ext/interbase/interbase.c
@@ -512,7 +512,7 @@ void _php_ibase_error(void) /* {{{ */
 
 	IBG(sql_code) = isc_sqlcode(IB_STATUS);
 
-	while ((s - IBG(errmsg)) < MAX_ERRMSG - (IBASE_MSGSIZE + 2) && fb_interpret(s, MAX_ERRMSG, &statusp)) {
+	while ((s - IBG(errmsg)) < MAX_ERRMSG - (IBASE_MSGSIZE + 2) && fb_interpret(s, MAX_ERRMSG - strlen(IBG(errmsg)) - 1, &statusp)) {
 		strcat(IBG(errmsg), " ");
 		s = IBG(errmsg) + strlen(IBG(errmsg));
 	}