authorStanislav Malyshev <stas@php.net>2016-05-24 16:35:12 -0700
committerStanislav Malyshev <stas@php.net>2016-05-24 16:56:36 -0700
commit544940c48a6b39226d4af6a9033a53b2086de709 (patch)
tree483864e38317ce50a499b4c801d3bc62b5dfa37e /ext/standard/file.c
parentfe6af26e2ddda928851d7ebddcd418e8dbd6baba (diff)
parent9a826a3bd99315b7c4d4673acd3084c99eb04253 (diff)
Merge branch 'PHP-5.5' into PHP-5.6.22
* PHP-5.5: Fix memory leak in imagescale() Update NEWS Better fix for bug #72135 Fixed bug #72227: imagescale out-of-bounds read Fix bug #72241: get_icu_value_internal out-of-bounds read Fix bug #72135 - don't create strings with lengths outside int range Add check for string overflow to all string add operations Fix bug #72114 - int/size_t confusion in fread Updated NEWS Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream() Conflicts: Zend/zend_operators.c ext/phar/dirstream.c ext/phar/tests/bug71331.phpt
Diffstat (limited to 'ext/standard/file.c')
-rw-r--r--ext/standard/file.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/ext/standard/file.c b/ext/standard/file.c
index 7e67891b06..f8c4e0450b 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -1762,6 +1762,12 @@ PHPAPI PHP_FUNCTION(fread)
RETURN_FALSE;
}
+ if (len > INT_MAX) {
+ /* string length is int in 5.x so we can not read more than int */
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be no more than %d", INT_MAX);
+ RETURN_FALSE;
+ }
+
Z_STRVAL_P(return_value) = emalloc(len + 1);
Z_STRLEN_P(return_value) = php_stream_read(stream, Z_STRVAL_P(return_value), len);
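Review bot: The allocation `emalloc(len + 1)` directly below the new guard still performs its addition in `len`'s own type, and the guard admits `len == INT_MAX`. The declaration of `len` is outside the hunk; if it is a `long`, then on builds where `long` is 32 bits wide that sum is a signed overflow before the value is converted to the allocator's size argument. Doing the addition in the size type removes the dependence on the width of `long`: `Z_STRVAL_P(return_value) = emalloc((size_t)len + 1);`. The body of `PHP_FUNCTION(fread)` starts before and continues past this hunk, so how the returned length is used afterwards cannot be checked from here.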