diff options
author | Stanislav Malyshev <stas@php.net> | 2016-10-04 22:40:09 -0700 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2016-10-13 00:31:02 +0200 |
commit | 142a94516e5cd94cf9056e15f90ab0552747fc0a (patch) | |
tree | d210b0024a10b5a8473b9e70bec7cbd4e751010f | |
parent | 6329a1eb7816450a6de6f326580a5dcd71bd9a73 (diff) | |
download | php-git-142a94516e5cd94cf9056e15f90ab0552747fc0a.tar.gz |
Bug #73218: add mitigation for ICU int overflow
(cherry picked from commit d946d102936525bc7dcd01f3827d0a6e0bb971b0)
(cherry picked from commit b26b02b2df95eaa647ea3f4e7b42bd11eea4ed2c)
-rw-r--r-- | ext/intl/resourcebundle/resourcebundle_class.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/ext/intl/resourcebundle/resourcebundle_class.c b/ext/intl/resourcebundle/resourcebundle_class.c index fd255d57cd..47d9bf0403 100644 --- a/ext/intl/resourcebundle/resourcebundle_class.c +++ b/ext/intl/resourcebundle/resourcebundle_class.c @@ -101,6 +101,13 @@ static int resourcebundle_ctor(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_constr locale = intl_locale_get_default(); } + if (bundlename_len >= MAXPATHLEN) { + intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "Bundle name too long", 0 ); + zval_dtor(return_value); + ZVAL_NULL(return_value); + return FAILURE; + } + if (fallback) { rb->me = ures_open(bundlename, locale, &INTL_DATA_ERROR_CODE(rb)); } else { @@ -331,6 +338,11 @@ PHP_FUNCTION( resourcebundle_locales ) RETURN_FALSE; } + if (bundlename_len >= MAXPATHLEN) { + intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "resourcebundle_locales: bundle name too long", 0 ); + RETURN_FALSE; + } + if(bundlename_len == 0) { // fetch default locales list bundlename = NULL; |