authorStefan Esser <sesser@php.net>2004-12-01 22:42:14 +0000
committerStefan Esser <sesser@php.net>2004-12-01 22:42:14 +0000
commitfa13af4d5936b4f47c66539fd1a2777fede2c307 (patch)
treee2503992e961eb1f64e6c926346bd44b2c0bd88a
parent916af07bc86b7caf6e4ac58e4fb8e5408ffc3eee (diff)
downloadphp-git-fa13af4d5936b4f47c66539fd1a2777fede2c307.tar.gz
MFH
-rw-r--r--ext/standard/var_unserializer.c2
-rw-r--r--ext/standard/var_unserializer.re2
-rw-r--r--main/safe_mode.c9
3 files changed, 8 insertions, 5 deletions
diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c
index 5782e2cd93..d95a31dace 100644
--- a/ext/standard/var_unserializer.c
+++ b/ext/standard/var_unserializer.c
@@ -83,7 +83,7 @@ static int var_access(php_unserialize_data_t *var_hashx, int id, zval ***store)
if (!var_hash) return !SUCCESS;
- if (id >= var_hash->used_slots) return !SUCCESS;
+ if (id < 0 || id >= var_hash->used_slots) return !SUCCESS;
*store = &var_hash->data[id];
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index c57de7ae03..5da3eb3e1b 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -81,7 +81,7 @@ static int var_access(php_unserialize_data_t *var_hashx, int id, zval ***store)
if (!var_hash) return !SUCCESS;
- if (id >= var_hash->used_slots) return !SUCCESS;
+ if (id < 0 || id >= var_hash->used_slots) return !SUCCESS;
*store = &var_hash->data[id];
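Review bot: The widened guard `if (id < 0 || id >= var_hash->used_slots) return !SUCCESS;` carries no comment explaining why a negative `id` can occur, and the commit message ("MFH") does not say either. `id` is a signed int and, in an unserializer, presumably derives from the input stream, so without the lower bound `&var_hash->data[id]` could point before the slot array. A short comment above the check, such as `/* id may come from untrusted serialized data: reject negative and out-of-range slots */`, would keep the lower bound from being dropped in a later cleanup. The same applies to the identical hunk in ext/standard/var_unserializer.c, which looks like the generated counterpart of this file and is better regenerated from it than edited separately. var_access starts and ends outside the hunk, so any adjustment of `id` before this check is not visible here.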
diff --git a/main/safe_mode.c b/main/safe_mode.c
index 9271610f9b..12403077d4 100644
--- a/main/safe_mode.c
+++ b/main/safe_mode.c
@@ -55,13 +55,16 @@ PHPAPI int php_checkuid_ex(const char *filename, char *fopen_mode, int mode, int
php_stream_wrapper *wrapper = NULL;
TSRMLS_FETCH();
- strlcpy(filenamecopy, filename, MAXPATHLEN);
- filename=(char *)&filenamecopy;
-
if (!filename) {
return 0; /* path must be provided */
}
+ if (strlcpy(filenamecopy, filename, MAXPATHLEN)>=MAXPATHLEN) {
+ return 0;
+ }
+ filename=(char *)&filenamecopy;
+
+
if (fopen_mode) {
if (fopen_mode[0] == 'r') {
mode = CHECKUID_DISALLOW_FILE_NOT_EXISTS;
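Review bot: The new truncation branch `if (strlcpy(filenamecopy, filename, MAXPATHLEN)>=MAXPATHLEN) { return 0; }` returns without a comment, unlike the NULL branch just above it (`/* path must be provided */`). It is worth stating that an over-long path is refused so the check never runs on a truncated name that differs from the path the caller passed, e.g. `return 0; /* path too long: refuse rather than check a truncated copy */`. The declaration of `filenamecopy` is outside the hunk; if it is a plain char array, `sizeof(filenamecopy)` would tie the bound to the buffer, and `filename = filenamecopy;` would avoid the `(char *)&filenamecopy` cast. php_checkuid_ex begins before and continues past the hunk.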