Avoid pointer UB in strip_header

Don't calculate header_start if lc_header_start is NULL, as we're going to overflow the address space in that case.
author: Nikita Popov <nikita.ppv@gmail.com> 2019-09-03 12:01:56 +0200
committer: Nikita Popov <nikita.ppv@gmail.com> 2019-09-03 12:28:18 +0200
commit: 518c651c663a2f09fb05ecea407ea0ab64f9bb51 (patch)
tree: bb5b653c8d60bfa21a6e5edc980a87b151ea6e8b
parent: 265af40a0a84c4c4710a2b246774e691ac23112b (diff)
download: php-git-518c651c663a2f09fb05ecea407ea0ab64f9bb51.tar.gz
1 files changed, 1 insertions, 2 deletions
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index b01aed1e96..ff0b54798f 100644
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -86,11 +86,10 @@ static inline void strip_header(char *header_bag, char *lc_header_bag,
 		const char *lc_header_name)
 {
 	char *lc_header_start = strstr(lc_header_bag, lc_header_name);
-	char *header_start = header_bag + (lc_header_start - lc_header_bag);
-
 	if (lc_header_start
 	&& (lc_header_start == lc_header_bag || *(lc_header_start-1) == '\n')
 	) {
+		char *header_start = header_bag + (lc_header_start - lc_header_bag);
 		char *lc_eol = strchr(lc_header_start, '\n');
 		char *eol = header_start + (lc_eol - lc_header_start);
author	Nikita Popov <nikita.ppv@gmail.com>	2019-09-03 12:01:56 +0200
committer	Nikita Popov <nikita.ppv@gmail.com>	2019-09-03 12:28:18 +0200
commit	518c651c663a2f09fb05ecea407ea0ab64f9bb51 (patch)
tree	bb5b653c8d60bfa21a6e5edc980a87b151ea6e8b
parent	265af40a0a84c4c4710a2b246774e691ac23112b (diff)
download	php-git-518c651c663a2f09fb05ecea407ea0ab64f9bb51.tar.gz