diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-01-26 16:03:35 +0100 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2020-02-17 00:20:31 -0800 |
| commit | 7248341ea6b1209f7aa9b9a978e1b35586ccf523 (patch) | |
| tree | 7597cb9cfec44f8e1dde1a90920777ca0a3faf02 /ext/phar | |
| parent | bcbc053dc1223e20954caf68b43aea2c64e339ad (diff) | |
| download | php-git-7248341ea6b1209f7aa9b9a978e1b35586ccf523.tar.gz | |
Fix # 79171: heap-buffer-overflow in phar_extract_file
We must not access memory outside of the allocated buffer.
Diffstat (limited to 'ext/phar')
| -rw-r--r-- | ext/phar/phar_object.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c index 0cbb4bc9c0..b246167ed8 100644 --- a/ext/phar/phar_object.c +++ b/ext/phar/phar_object.c @@ -4199,7 +4199,7 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char * if ('\\' == filename[cnt]) { filename[cnt] = '/'; } - } while (cnt++ <= filename_len); + } while (cnt++ < filename_len); } #endif |