author | Nikita Popov <nikita.ppv@gmail.com> | 2020-12-16 17:01:15 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-12-16 17:01:15 +0100 |
commit | c56701690a184c13fa850e9946f09bac7172c604 (patch) | |
tree | ae1f9705218540ee0ecbc876028c23de23126e50 /ext/standard/array.c | |
parent | 205d209de931d5c5e1535277531a7e4dc8a6000a (diff) | |
download | php-git-c56701690a184c13fa850e9946f09bac7172c604.tar.gz |
Detect overlarge step for character range()
This was done for int and float ranges, but not char ranges.
Fixes oss-fuzz #28666.
Diffstat (limited to 'ext/standard/array.c')
-rw-r--r-- | ext/standard/array.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/standard/array.c b/ext/standard/array.c
index f99af84611..3967d83242 100644
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -2756,7 +2756,7 @@ PHP_FUNCTION(range)
 high = (unsigned char)Z_STRVAL_P(zhigh)[0];
 if (low > high) { /* Negative Steps */
- if (lstep <= 0) {
+ if (low - high < lstep || lstep <= 0) {
 err = 1;
 goto err;
 }
@@ -2773,7 +2773,7 @@ PHP_FUNCTION(range)
 }
 } ZEND_HASH_FILL_END();
 } else if (high > low) { /* Positive Steps */
- if (lstep <= 0) {
+ if (high - low < lstep || lstep <= 0) {
 err = 1;
 goto err;
 } |
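Review bot: The new guard in the negative-step branch, `low - high < lstep || lstep <= 0`, compares the span against `lstep` without saying why, and the positive-step branch repeats it with the operands swapped; a one-line comment on both, such as `/* step must be positive and no larger than the span, as in the int and float paths */`, would keep the two from drifting apart. The comparison is only as trustworthy as the value held in `lstep`: its declaration and derivation are outside these hunks, and if it is narrowed from a floating-point step, that conversion should be range-checked beforehand, because an out-of-range float-to-integer conversion is undefined in C. Putting `lstep <= 0` first would also read more naturally, since the sign test is the precondition for the span test. PHP_FUNCTION(range) starts and ends outside both hunks, and the diffstat shown is limited to array.c, so whether a regression test for the fuzzer input accompanies the fix cannot be seen here.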