author | Stanislav Malyshev <stas@php.net> | 2019-01-06 12:23:53 -0800 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2019-01-06 12:23:53 -0800 |
commit | e40027ef0f508be87b323f61532cea0104212b53 (patch) | |
tree | 2fcb2d9e3b87576d458ccc40f8137dcf73e0c11e /ext/phar | |
parent | 361d3ede9394d03defba64237628e6b1a0a2a16b (diff) | |
parent | fe820fcba616a736b80e911cfc132388acd35ace (diff) | |
download | php-git-e40027ef0f508be87b323f61532cea0104212b53.tar.gz |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Fix #77369 - memcpy with negative length via crafted DNS response
Fix more issues with encoding length
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix #77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
Diffstat (limited to 'ext/phar')
-rw-r--r-- | ext/phar/phar.c | 2 | ||||
-rw-r--r-- | ext/phar/tests/bug77247.phpt | 14 |
2 files changed, 15 insertions, 1 deletions
diff --git a/ext/phar/phar.c b/ext/phar/phar.c index 4d5988eaa9..812720a011 100644 --- a/ext/phar/phar.c +++ b/ext/phar/phar.c @@ -2026,7 +2026,7 @@ next_extension: } while (pos != filename && (*(pos - 1) == '/' || *(pos - 1) == '\0')) { - pos = memchr(pos + 1, '.', filename_len - (pos - filename) + 1); + pos = memchr(pos + 1, '.', filename_len - (pos - filename) - 1); if (!pos) { return FAILURE; } diff --git a/ext/phar/tests/bug77247.phpt b/ext/phar/tests/bug77247.phpt new file mode 100644 index 0000000000..588975f9f2 --- /dev/null +++ b/ext/phar/tests/bug77247.phpt @@ -0,0 +1,14 @@ +--TEST-- +PHP bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext) +--SKIPIF-- +<?php if (!extension_loaded("phar")) die("skip"); ?> +--FILE-- +<?php +try { +var_dump(new Phar('a/.b', 0,'test.phar')); +} catch(UnexpectedValueException $e) { + echo "OK"; +} +?> +--EXPECT-- +OK
\ No newline at end of file |
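Review bot: The length argument to memchr in the while loop of ext/phar/phar.c is still computed inline from three terms, which is how it came to be off by two (`+ 1` where `- 1` was needed). With the search starting at `pos + 1`, the bytes left inside the buffer are `filename_len - (pos - filename) - 1`, so the new value is right, but I would derive it from an end pointer so the bound is visible at the call site, for example `const char *end = filename + filename_len;` followed by `pos = memchr(pos + 1, '.', end - (pos + 1));`. A one-line comment that the search must stay within `filename_len` bytes would also help the next reader, since the loop condition right above it already dereferences `*(pos - 1)` and relies on the same invariant.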
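Review bot: In ext/phar/tests/bug77247.phpt the catch block only echoes "OK" for any UnexpectedValueException, so the test asserts that `new Phar('a/.b', 0,'test.phar')` is rejected but not that the read stayed in bounds; a two-byte overread does not necessarily change that outcome, so the test is only a reliable regression check when run under a memory checker. Please say so in the --TEST-- description or a comment, and consider asserting on the exception message so an unrelated failure path is not counted as a pass. Minor: the `var_dump` line is not indented inside the `try` block, and the file has no trailing newline.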