diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2020-10-30 12:37:22 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-10-30 12:38:27 +0100 |
commit | 085e16c30176d21ca2ee7b3b0e158ea0f2a7cb28 (patch) | |
tree | 6b16462adaaf8b72d892911f31359aac1fe93079 /Zend/zend_execute.c | |
parent | 3bd3651bcc3d374586b291195d1b3471f3f7287d (diff) | |
download | php-git-085e16c30176d21ca2ee7b3b0e158ea0f2a7cb28.tar.gz |
Fix signed integer overflow
Fixes oss-fuzz #26763.
Diffstat (limited to 'Zend/zend_execute.c')
-rw-r--r-- | Zend/zend_execute.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c index 1cec01591e..c58e1fa228 100644 --- a/Zend/zend_execute.c +++ b/Zend/zend_execute.c @@ -1553,7 +1553,7 @@ static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim, if ((size_t)offset >= Z_STRLEN_P(str)) { /* Extend string if needed */ zend_long old_len = Z_STRLEN_P(str); - ZVAL_NEW_STR(str, zend_string_extend(Z_STR_P(str), offset + 1, 0)); + ZVAL_NEW_STR(str, zend_string_extend(Z_STR_P(str), (size_t)offset + 1, 0)); memset(Z_STRVAL_P(str) + old_len, ' ', offset - old_len); Z_STRVAL_P(str)[offset+1] = 0; } else if (!Z_REFCOUNTED_P(str)) { |