From 54727670c3c1936aac1f215d587661b703427fd6 Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Mon, 23 Nov 2009 04:12:36 +0000 Subject: [PATCH] Extend the previously added large string concatenation validation --- Zend/zend_operators.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c index 4d9210d0e6..bedef805bd 100644 --- a/Zend/zend_operators.c +++ b/Zend/zend_operators.c @@ -1203,7 +1203,7 @@ ZEND_API int concat_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) if (result==op1) { /* special case, perform operations on result */ uint res_len = op1->value.str.len + op2->value.str.len; - if (Z_STRLEN_P(result) < 0) { + if (Z_STRLEN_P(result) < 0 || (int) (Z_STRLEN_P(op1) + Z_STRLEN_P(op2)) < 0) { efree(Z_STRVAL_P(result)); ZVAL_EMPTY_STRING(result); zend_error(E_ERROR, "String size overflow"); -- 2.40.0