diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2019-12-02 11:21:37 +0100 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2019-12-02 11:21:37 +0100 |
| commit | 0dba3a8e43aa926b64feccfefdc59dcee394769e (patch) | |
| tree | 9ccfff1083c84e93421f31ef1f184ddc2a03b8dd /ext/standard/pack.c | |
| parent | b35acd30f2d15092717c222a4fcff838bfcb7b41 (diff) | |
| parent | 4ff242a9a7ee323de84a0c69dce115c72441fb19 (diff) | |
| download | php-git-0dba3a8e43aa926b64feccfefdc59dcee394769e.tar.gz | |
Merge branch 'PHP-7.4'
* PHP-7.4:
Fix #78833: Integer overflow in pack causes out-of-bound access
Diffstat (limited to 'ext/standard/pack.c')
| -rw-r--r-- | ext/standard/pack.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ext/standard/pack.c b/ext/standard/pack.c index 8f47aac258..c3bcf8d2e6 100644 --- a/ext/standard/pack.c +++ b/ext/standard/pack.c @@ -345,10 +345,13 @@ PHP_FUNCTION(pack) if (arg < 0) { arg = num_args - currentarg; } - + if (currentarg > INT_MAX - arg) { + goto too_few_args; + } currentarg += arg; if (currentarg > num_args) { +too_few_args: efree(formatcodes); efree(formatargs); php_error_docref(NULL, E_WARNING, "Type %c: too few arguments", code); |