authorDmitry Stogov <dmitry@php.net>2008-07-17 14:05:07 +0000
committerDmitry Stogov <dmitry@php.net>2008-07-17 14:05:07 +0000
commit67b77b06e5c7fbd9e9c82a9abcbcbd2aabf5259f (patch)
treecd95c647d8faf1007b1c6a9b4b036980d03baf00
parent5c631e8765eec0119fd9a095ad9c2a953f62746a (diff)
downloadphp-git-67b77b06e5c7fbd9e9c82a9abcbcbd2aabf5259f.tar.gz
Fixed search on uninitialized data
-rw-r--r--ext/phar/phar.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index db5b80f1e1..ac370af532 100644
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -1427,7 +1427,9 @@ static inline char *phar_strnstr(const char *buf, int buf_len, const char *searc
const char *c;
int so_far = 0;
- /* this assumes buf_len > search_len */
+ if (buf_len < search_len) {
+ return NULL;
+ }
c = buf - 1;
do {
if (!(c = memchr(c + 1, search[0], buf_len - search_len - so_far))) {
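Review bot: The new guard in phar_strnstr lets buf_len == search_len through, but the memchr length on the last visible line is then `buf_len - search_len - so_far` = 0, so a buffer that is exactly the search string is reported as not found. More generally, that window covers buf_len - search_len start positions, one fewer than the buffer allows. The expression is also an int that memchr receives as size_t, and the guard only bounds it on the first pass; how so_far grows is outside the hunk, so later passes should be checked for a negative length. If the short window is intentional, replace the deleted comment with the real contract, e.g. `/* only the first buf_len - search_len start positions are searched */`. Widening it to `buf_len - search_len + 1 - so_far` would first require every caller to pass an exact length.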
@@ -1579,7 +1581,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, int fname_len, char *a
}
}
}
- if ((pos = phar_strnstr(buffer, 1024 + sizeof(token), token, sizeof(token)-1)) != NULL) {
+ if (got > 0 && (pos = phar_strnstr(buffer, got + sizeof(token), token, sizeof(token)-1)) != NULL) {
halt_offset += (pos - buffer); /* no -tokenlen+tokenlen here */
return phar_parse_pharfile(fp, fname, fname_len, alias, alias_len, halt_offset, pphar, compression, error TSRMLS_CC);
}
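Review bot: The buffer length passed on the changed line is `got + sizeof(token)`, while the search length is `sizeof(token)-1`, and sizeof counts the terminating NUL. If buffer holds a carry-over of sizeof(token)-1 bytes followed by the got bytes just read (the fill is outside the hunk, so this is inferred), the stated length covers one byte the read did not fill. The extra byte may be compensating for phar_strnstr searching one start position short; if so, record that in a comment such as `/* +1: phar_strnstr stops search_len bytes before buf_len */`, and otherwise pass `got + sizeof(token) - 1`. It is also worth confirming got's type: if it is unsigned, `got > 0` does not filter out a failed read, and the sum is narrowed to the int buf_len parameter.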