From 14bdd8246c50b55d1ddf838b45de34065e8613c4 Mon Sep 17 00:00:00 2001 From: Anatol Belski Date: Tue, 5 Jul 2016 10:03:40 +0200 Subject: [PATCH] fix datatype and add range check --- ext/intl/uchar/uchar.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ext/intl/uchar/uchar.c b/ext/intl/uchar/uchar.c index abb3e59671..272cb22157 100644 --- a/ext/intl/uchar/uchar.c +++ b/ext/intl/uchar/uchar.c @@ -8,10 +8,17 @@ static inline int convert_cp(UChar32* pcp, zval *zcp) { zend_long cp = -1; + + if (ZEND_SIZE_T_INT_OVFL(Z_STRLEN_P(zcp))) { + intl_error_set_code(NULL, U_ILLEGAL_ARGUMENT_ERROR); + intl_error_set_custom_msg(NULL, "Input string is too long.", 0); + return FAILURE; + } + if (Z_TYPE_P(zcp) == IS_LONG) { cp = Z_LVAL_P(zcp); } else if (Z_TYPE_P(zcp) == IS_STRING) { - size_t i = 0; + int32_t i = 0; U8_NEXT(Z_STRVAL_P(zcp), i, Z_STRLEN_P(zcp), cp); if (i != Z_STRLEN_P(zcp)) { intl_error_set_code(NULL, U_ILLEGAL_ARGUMENT_ERROR); -- 2.50.1