diff options
| author | Stanislav Malyshev <stas@php.net> | 2018-04-23 22:00:24 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2018-04-23 22:00:24 -0700 |
| commit | 95ee9efa572ae7b6931c846833a3283f06610a2e (patch) | |
| tree | bf6e2f738aa041effe896bb9a79dd05480504657 /ext/iconv | |
| parent | ff83c00715f6e036da5e5b627a742d2697871ae1 (diff) | |
| parent | 5a18d7a0df075eb49a4e8094d1d54fed937f7565 (diff) | |
| download | php-git-95ee9efa572ae7b6931c846833a3283f06610a2e.tar.gz | |
Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
Fix tsrm_ls
Fix #76129 - remove more potential unfiltered outputs for phar
Fix test
Fix bug #76248 - Malicious LDAP-Server Response causes Crash
Fix bug #76249 - fail on invalid sequences
Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
Fix bug #75981: prevent reading beyond buffer start
Diffstat (limited to 'ext/iconv')
| -rw-r--r-- | ext/iconv/iconv.c | 3 | ||||
| -rw-r--r-- | ext/iconv/tests/bug76249.phpt | 18 |
2 files changed, 21 insertions, 0 deletions
diff --git a/ext/iconv/iconv.c b/ext/iconv/iconv.c index df44a5cda0..7f7125b09f 100644 --- a/ext/iconv/iconv.c +++ b/ext/iconv/iconv.c @@ -2658,6 +2658,9 @@ static int php_iconv_stream_filter_append_bucket( tcnt = 0; break; } + } else { + php_error_docref(NULL, E_WARNING, "iconv stream filter (\"%s\"=>\"%s\"): invalid multibyte sequence", self->from_charset, self->to_charset); + goto out_failure; } break; diff --git a/ext/iconv/tests/bug76249.phpt b/ext/iconv/tests/bug76249.phpt new file mode 100644 index 0000000000..1503f0bc81 --- /dev/null +++ b/ext/iconv/tests/bug76249.phpt @@ -0,0 +1,18 @@ +--TEST-- +Bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence) +--SKIPIF-- +<?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?> +--FILE-- +<?php +$fh = fopen('php://memory', 'rw'); +fwrite($fh, "abc"); +rewind($fh); +stream_filter_append($fh, 'convert.iconv.ucs-2/utf8//IGNORE', STREAM_FILTER_READ, []); +$a = stream_get_contents($fh); +var_dump(strlen($a)); +?> +DONE +--EXPECTF-- +Warning: stream_get_contents(): iconv stream filter ("ucs-2"=>"utf8//IGNORE"): invalid multibyte sequence in %sbug76249.php on line %d +int(3) +DONE |