Extend the previously added large string concatenation validation

author: Ilia Alshanetsky <iliaa@php.net> 2009-11-23 04:12:36 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2009-11-23 04:12:36 +0000
commit: 54727670c3c1936aac1f215d587661b703427fd6 (patch)
tree: 538bf10196dc5a1686c7cc83694501a990ab379f
parent: 6c621b15cd94b8776b0c818a25bb5e0756644e6e (diff)
download: php-git-54727670c3c1936aac1f215d587661b703427fd6.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c
index 4d9210d0e6..bedef805bd 100644
--- a/Zend/zend_operators.c
+++ b/Zend/zend_operators.c
@@ -1203,7 +1203,7 @@ ZEND_API int concat_function(zval *result, zval *op1, zval *op2 TSRMLS_DC)
 	if (result==op1) {	/* special case, perform operations on result */
 		uint res_len = op1->value.str.len + op2->value.str.len;
 
-		if (Z_STRLEN_P(result) < 0) {
+		if (Z_STRLEN_P(result) < 0 || (int) (Z_STRLEN_P(op1) + Z_STRLEN_P(op2)) < 0) {
 			efree(Z_STRVAL_P(result));
 			ZVAL_EMPTY_STRING(result);
 			zend_error(E_ERROR, "String size overflow");
author	Ilia Alshanetsky <iliaa@php.net>	2009-11-23 04:12:36 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2009-11-23 04:12:36 +0000
commit	54727670c3c1936aac1f215d587661b703427fd6 (patch)
tree	538bf10196dc5a1686c7cc83694501a990ab379f
parent	6c621b15cd94b8776b0c818a25bb5e0756644e6e (diff)
download	php-git-54727670c3c1936aac1f215d587661b703427fd6.tar.gz