From 3cce465528c86f78ac3b187b1594698e21900377 Mon Sep 17 00:00:00 2001
From: Antony Dovgal <tony2001@php.net>
Date: Wed, 12 Jul 2006 12:33:48 +0000
Subject: [PATCH] fix invalid read - no need to compare strings if haystack is
 "" or shorter than needle add test

---
 ext/standard/string.c                   |  9 ++++
 ext/standard/tests/strings/stripos.phpt | 55 +++++++++++++++++++++++++
 2 files changed, 64 insertions(+)
 create mode 100644 ext/standard/tests/strings/stripos.phpt

diff --git a/ext/standard/string.c b/ext/standard/string.c
index cccf4a5c50..aff5ae2d58 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -1627,10 +1627,19 @@ PHP_FUNCTION(stripos)
 		RETURN_FALSE;
 	}
 
+	if (haystack_len == 0) {
+		RETURN_FALSE;
+	}
+
 	haystack_dup = estrndup(haystack, haystack_len);
 	php_strtolower(haystack_dup, haystack_len);
 
 	if (Z_TYPE_P(needle) == IS_STRING) {
+		if (Z_STRLEN_P(needle) == 0 || Z_STRLEN_P(needle) > haystack_len) {
+			efree(haystack_dup);
+			RETURN_FALSE;
+		}
+
 		needle_dup = estrndup(Z_STRVAL_P(needle), Z_STRLEN_P(needle));
 		php_strtolower(needle_dup, Z_STRLEN_P(needle));
 		found = php_memnstr(haystack_dup + offset, needle_dup, Z_STRLEN_P(needle), haystack_dup + haystack_len);
diff --git a/ext/standard/tests/strings/stripos.phpt b/ext/standard/tests/strings/stripos.phpt
new file mode 100644
index 0000000000..ef0efe5b23
--- /dev/null
+++ b/ext/standard/tests/strings/stripos.phpt
@@ -0,0 +1,55 @@
+--TEST--
+stripos() function test
+--FILE--
+<?php
+	var_dump(stripos("test string", "TEST"));
+	var_dump(stripos("test string", "strIng"));
+	var_dump(stripos("test string", "stRin"));
+	var_dump(stripos("test string", "t S"));
+	var_dump(stripos("test string", "G"));
+	var_dump(stripos("te".chr(0)."st", chr(0)));
+	var_dump(stripos("tEst", "test"));
+	var_dump(stripos("teSt", "test"));
+	var_dump(stripos("", ""));
+	var_dump(stripos("a", ""));
+	var_dump(stripos("", "a"));
+	var_dump(stripos("a", " "));
+	var_dump(stripos("a", "a"));
+	var_dump(stripos("", 1));
+	var_dump(stripos("", false));
+	var_dump(stripos("", true));
+	var_dump(stripos("a", 1));
+	var_dump(stripos("a", false));
+	var_dump(stripos("a", true));
+	var_dump(stripos("1", 1));
+	var_dump(stripos("0", false));
+	var_dump(stripos("1", true));
+	var_dump(stripos("\\\\a", "\\a"));
+
+	echo "Done\n";
+?>
+--EXPECT--
+int(0)
+int(5)
+int(5)
+int(3)
+int(10)
+int(2)
+int(0)
+int(0)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+int(0)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+int(1)
+Done
-- 
2.40.0