diff options
author | Ilia Alshanetsky <iliaa@php.net> | 2009-11-23 04:12:36 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2009-11-23 04:12:36 +0000 |
commit | 54727670c3c1936aac1f215d587661b703427fd6 (patch) | |
tree | 538bf10196dc5a1686c7cc83694501a990ab379f | |
parent | 6c621b15cd94b8776b0c818a25bb5e0756644e6e (diff) | |
download | php-git-54727670c3c1936aac1f215d587661b703427fd6.tar.gz |
Extend the previously added large string concatenation validation
-rw-r--r-- | Zend/zend_operators.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c index 4d9210d0e6..bedef805bd 100644 --- a/Zend/zend_operators.c +++ b/Zend/zend_operators.c @@ -1203,7 +1203,7 @@ ZEND_API int concat_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) if (result==op1) { /* special case, perform operations on result */ uint res_len = op1->value.str.len + op2->value.str.len; - if (Z_STRLEN_P(result) < 0) { + if (Z_STRLEN_P(result) < 0 || (int) (Z_STRLEN_P(op1) + Z_STRLEN_P(op2)) < 0) { efree(Z_STRVAL_P(result)); ZVAL_EMPTY_STRING(result); zend_error(E_ERROR, "String size overflow"); |