From 556739bc07ff3f7e0292ca006a6126008373df71 Mon Sep 17 00:00:00 2001
From: Antony Dovgal <tony2001@php.net>
Date: Thu, 29 Jun 2006 09:03:00 +0000
Subject: [PATCH] make sure we won't get into endless loop if value
 shm_var->next is corrupted

---
 ext/sysvshm/sysvshm.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ext/sysvshm/sysvshm.c b/ext/sysvshm/sysvshm.c
index 3c30dda898..a445bf27bf 100644
--- a/ext/sysvshm/sysvshm.c
+++ b/ext/sysvshm/sysvshm.c
@@ -408,6 +408,10 @@ static long php_check_shm_data(sysvshm_chunk_head *ptr, long key)
 			return pos;
 		}	
 		pos += shm_var->next;
+
+		if (shm_var->next <= 0 || pos < ptr->start) {
+			return -1;
+		}
 	}
 	return -1;
 }
-- 
2.40.0