From 0ef1f50383f6a4db61a4aab0f2f2cff319b5643b Mon Sep 17 00:00:00 2001
From: Stefan Esser
Date: Wed, 23 Feb 2005 18:26:39 +0000
Subject: [PATCH] Correcting bounds check before someone uses this code
---
 ext/standard/var_unserializer.c | 2 +-
 ext/standard/var_unserializer.re | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c
index 0c07a60700..376536e538 100644
--- a/ext/standard/var_unserializer.c
+++ b/ext/standard/var_unserializer.c
@@ -290,7 +290,7 @@ static inline int object_custom(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
 (*p) += 2;
- if((*p) + datalen >= max) {
+ if(datalen < 0 || (*p) + datalen >= max) {
 zend_error(E_WARNING, "Unsifficient data for unserializing - %d required, %d present", datalen, max - (*p));
 return 0;
 }
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index d175731786..cd04a3b111 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -294,7 +294,7 @@ static inline int object_custom(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
 (*p) += 2;
- if((*p) + datalen >= max) {
+ if(datalen < 0 || (*p) + datalen >= max) {
 zend_error(E_WARNING, "Unsifficient data for unserializing - %d required, %d present", datalen, max - (*p));
 return 0;
 }
--
2.40.0
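Review bot: The second operand of the new condition still computes `(*p) + datalen` before comparing it with `max`, so a large positive length, presumably parsed from the serialized input, can move the pointer past the end of the buffer; that is undefined behaviour, and on a 32-bit address space the sum may wrap below `max` and pass the check. Comparing the length with the bytes that remain avoids the pointer arithmetic altogether: `if (datalen < 0 || datalen >= max - (*p)) {`. The identical line is in the var_unserializer.re hunk, which appears to be the re2c source the .c file is generated from, so the change belongs in both. In the warning on the following line `max - (*p)` is a pointer difference passed to `%d`, which probably needs a cast or a matching specifier on 64-bit builds. object_custom begins and ends outside the hunk, so how datalen is parsed and typed is not visible here.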