Extend the previously added large string concatenation validation

author: Ilia Alshanetsky <iliaa@php.net> 2009-11-23 04:12:36 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2009-11-23 04:12:36 +0000
commit: 0ebe3a7690a7fee3eef47af83bad517f43857244 (patch)
tree: cb4546a27d67b3acde516d2cedcc05cd9e5c34b0 /Zend/zend_operators.c
parent: f395a2e34fa3d9348bda60ecfcab640faa9cab15 (diff)
download: php-git-0ebe3a7690a7fee3eef47af83bad517f43857244.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c
index 196d63dfae..bde59333b9 100644
--- a/Zend/zend_operators.c
+++ b/Zend/zend_operators.c
@@ -1227,7 +1227,7 @@ ZEND_API int concat_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{
 	if (result==op1) {	/* special case, perform operations on result */
 		uint res_len = Z_STRLEN_P(op1) + Z_STRLEN_P(op2);
 
-		if (Z_STRLEN_P(result) < 0) {
+		if (Z_STRLEN_P(result) < 0 || (int) (Z_STRLEN_P(op1) + Z_STRLEN_P(op2)) < 0) {
 			efree(Z_STRVAL_P(result));
 			ZVAL_EMPTY_STRING(result);
 			zend_error(E_ERROR, "String size overflow");
author	Ilia Alshanetsky <iliaa@php.net>	2009-11-23 04:12:36 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2009-11-23 04:12:36 +0000
commit	0ebe3a7690a7fee3eef47af83bad517f43857244 (patch)
tree	cb4546a27d67b3acde516d2cedcc05cd9e5c34b0 /Zend/zend_operators.c
parent	f395a2e34fa3d9348bda60ecfcab640faa9cab15 (diff)
download	php-git-0ebe3a7690a7fee3eef47af83bad517f43857244.tar.gz