From f8dd10508bd66b6eefb18d319577b443fb1e0c55 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Mon, 28 Mar 2016 01:22:37 -0700 Subject: [PATCH] Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut --- ext/mbstring/libmbfl/mbfl/mbfilter.c | 34 ++++++++++++++-------------- main/php_version.h | 6 ++--- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/ext/mbstring/libmbfl/mbfl/mbfilter.c b/ext/mbstring/libmbfl/mbfl/mbfilter.c index 3b14727d6b..4986472b9b 100644 --- a/ext/mbstring/libmbfl/mbfl/mbfilter.c +++ b/ext/mbstring/libmbfl/mbfl/mbfilter.c @@ -72,7 +72,7 @@ * */ -/* +/* * Unicode support * * Portions copyright (c) 1999,2000,2001 by the PHP3 internationalization team. @@ -137,7 +137,7 @@ mbfl_buffer_converter_new( mbfl_buffer_converter * mbfl_buffer_converter_new2( const mbfl_encoding *from, - const mbfl_encoding *to, + const mbfl_encoding *to, int buf_initsz) { mbfl_buffer_converter *convd; @@ -339,7 +339,7 @@ mbfl_buffer_converter_result(mbfl_buffer_converter *convd, mbfl_string *result) } mbfl_string * -mbfl_buffer_converter_feed_result(mbfl_buffer_converter *convd, mbfl_string *string, +mbfl_buffer_converter_feed_result(mbfl_buffer_converter *convd, mbfl_string *string, mbfl_string *result) { if (convd == NULL || string == NULL || result == NULL) { @@ -535,7 +535,7 @@ const mbfl_encoding *mbfl_encoding_detector_judge2(mbfl_encoding_detector *ident } n--; } - + /* fallback judge */ if (!encoding) { n = identd->filter_list_size - 1; @@ -702,7 +702,7 @@ mbfl_identify_encoding(mbfl_string *string, enum mbfl_no_encoding *elist, int el } } } - + /* cleanup */ /* dtors should be called in reverse order */ i = num; while (--i >= 0) { @@ -785,7 +785,7 @@ mbfl_identify_encoding2(mbfl_string *string, const mbfl_encoding **elist, int el } } } - + /* cleanup */ /* dtors should be called in reverse order */ i = num; while (--i >= 0) { @@ -844,7 +844,7 @@ mbfl_strlen(mbfl_string *string) } else { /* wchar filter */ mbfl_convert_filter *filter = mbfl_convert_filter_new( - string->no_encoding, + string->no_encoding, mbfl_no_encoding_wchar, filter_count_output, 0, &len); if (filter == NULL) { @@ -865,7 +865,7 @@ mbfl_strlen(mbfl_string *string) return len; } - + /* * strpos */ @@ -931,7 +931,7 @@ retry: /* * oddlen */ -int +int mbfl_oddlen(mbfl_string *string) { int len, n, m, k; @@ -1071,7 +1071,7 @@ mbfl_strpos( ++result; } else if ((c & 0xc0) != 0x80) { ++result; - } + } } goto out; } @@ -1116,7 +1116,7 @@ mbfl_strpos( qe = needle_u8_val + needle_u8_len; if (offset < 0) { if (-offset > needle_len) { - offset += needle_len; + offset += needle_len; while (offset < 0) { unsigned char c; if (p <= e) { @@ -1158,7 +1158,7 @@ mbfl_strpos( ++result; } else if ((c & 0xc0) != 0x80) { ++result; - } + } } goto out; } @@ -1501,7 +1501,7 @@ mbfl_strcut( if (encoding->flag & (MBFL_ENCTYPE_WCS2BE | MBFL_ENCTYPE_WCS2LE)) { from &= -2; - if (from + length >= string->len) { + if (length >= string->len - from) { length = string->len - from; } @@ -1510,14 +1510,14 @@ mbfl_strcut( } else if (encoding->flag & (MBFL_ENCTYPE_WCS4BE | MBFL_ENCTYPE_WCS4LE)) { from &= -4; - if (from + length >= string->len) { + if (length >= string->len - from) { length = string->len - from; } start = string->val + from; end = start + (length & -4); } else if ((encoding->flag & MBFL_ENCTYPE_SBCS)) { - if (from + length >= string->len) { + if (length >= string->len - from) { length = string->len - from; } @@ -1539,7 +1539,7 @@ mbfl_strcut( start = p; /* search end position */ - if ((start - string->val) + length >= (int)string->len) { + if (length >= (int)string->len - (start - string->val)) { end = string->val + string->len; } else { for (q = p + length; p < q; p += (m = mbtab[*p])); @@ -2024,7 +2024,7 @@ mbfl_ja_jp_hantozen( mbfl_no_encoding_wchar, (int(*)(int, void*))next_filter->filter_function, (int(*)(void*))next_filter->filter_flush, - next_filter); + next_filter); if (encoder == NULL) { goto out; } diff --git a/main/php_version.h b/main/php_version.h index 4ebff7f9ac..25446e3d65 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 5 -#define PHP_RELEASE_VERSION 27 +#define PHP_RELEASE_VERSION 34 #define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "5.5.27-dev" -#define PHP_VERSION_ID 50527 +#define PHP_VERSION "5.5.34-dev" +#define PHP_VERSION_ID 50534 -- 2.40.0