From: Dmitry Stogov Date: Mon, 18 Jun 2007 13:39:02 +0000 (+0000) Subject: Fixed crash in substr_compare() X-Git-Tag: BEFORE_IMPORT_OF_MYSQLND~425 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=af598946f162090d50c2e5b7da1a2d4d4017199c;p=php Fixed crash in substr_compare() Fixed error messages --- diff --git a/ext/standard/string.c b/ext/standard/string.c index 736e70a78b..489ae1d2ac 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -7208,7 +7208,7 @@ PHP_FUNCTION(substr_count) tmp = (char *)p + length; } if (tmp > endp) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset value %ld exceeds string length", offset); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length value %ld exceeds string length", length); RETURN_FALSE; } else { endp = tmp; @@ -7888,8 +7888,13 @@ PHP_FUNCTION(substr_compare) offset = (offset < 0) ? 0 : offset; } - if ((offset + len) > s1_len) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "The specified segment exceeds string length"); + if(offset > s1_len) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The start position cannot exceed initial string length"); + RETURN_FALSE; + } + + if(len > s1_len - offset) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The length cannot exceed initial string length"); RETURN_FALSE; } diff --git a/ext/standard/tests/strings/bug40754.phpt b/ext/standard/tests/strings/bug40754.phpt index 23a459317b..26662dbbb3 100644 --- a/ext/standard/tests/strings/bug40754.phpt +++ b/ext/standard/tests/strings/bug40754.phpt @@ -32,25 +32,25 @@ bool(false) bool(false) bool(false) -Warning: substr_count(): Offset value 2147483647 exceeds string length. in %s on line %d +Warning: substr_count(): Offset value 2147483647 exceeds string length in %s on line %d bool(false) Warning: substr_compare(): The start position cannot exceed initial string length in %s on line %d bool(false) -Warning: stripos(): Offset not contained in string. in %s on line %d +Warning: stripos(): Offset not contained in string in %s on line %d bool(false) -Warning: substr_count(): Offset value 2147483647 exceeds string length. in %s on line %d +Warning: substr_count(): Offset value 2147483647 exceeds string length in %s on line %d bool(false) -Warning: substr_count(): Length value 2147483647 exceeds string length. in %s on line %d +Warning: substr_count(): Length value 2147483647 exceeds string length in %s on line %d bool(false) -Warning: strpos(): Offset not contained in string. in %s on line %d +Warning: strpos(): Offset not contained in string in %s on line %d bool(false) -Warning: stripos(): Offset not contained in string. in %s on line %d +Warning: stripos(): Offset not contained in string in %s on line %d bool(false) Notice: strrpos(): Offset is greater than the length of haystack string in %s on line %d @@ -61,3 +61,38 @@ bool(false) int(2) string(8) "abcdeabc" bool(false) +--UEXPECTF-- +unicode(4) "bcde" +bool(false) +bool(false) +bool(false) + +Warning: substr_count(): Offset value 2147483647 exceeds string length in %s on line %d +bool(false) + +Warning: substr_compare(): The start position cannot exceed initial string length in %s on line %d +bool(false) + +Warning: stripos(): Offset not contained in string in %s on line %d +bool(false) + +Warning: substr_count(): Offset value 2147483647 exceeds string length in %s on line %d +bool(false) + +Warning: substr_count(): Length value 2147483647 exceeds string length in %s on line %d +bool(false) + +Warning: strpos(): Offset not contained in string in %s on line %d +bool(false) + +Warning: stripos(): Offset not contained in string in %s on line %d +bool(false) + +Notice: strrpos(): Offset is greater than the length of haystack string in %s on line %d +bool(false) + +Notice: strripos(): Offset is greater than the length of haystack string in %s on line %d +bool(false) +int(2) +unicode(8) "abcdeabc" +bool(false)