diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-01-26 16:03:35 +0100 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2020-02-17 00:20:17 -0800 |
| commit | b01b1f65e77325e16f4cca4d0cb1dff48891680c (patch) | |
| tree | d6223b9e85088e2e54186f6d06715640fa3c976d | |
| parent | bbcb8cab8cdace25d481f2ade0539f75b0fa8c43 (diff) | |
| download | php-git-b01b1f65e77325e16f4cca4d0cb1dff48891680c.tar.gz | |
Fix # 79171: heap-buffer-overflow in phar_extract_file
We must not access memory outside of the allocated buffer.
| -rw-r--r-- | ext/phar/phar_object.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c index 89b553c2b9..eaa74ece94 100644 --- a/ext/phar/phar_object.c +++ b/ext/phar/phar_object.c @@ -4184,7 +4184,7 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char * if ('\\' == filename[cnt]) { filename[cnt] = '/'; } - } while (cnt++ <= filename_len); + } while (cnt++ < filename_len); } #endif |