summaryrefslogtreecommitdiff
path: root/ext/standard
diff options
context:
space:
mode:
authorFelipe Pena <felipensp@gmail.com>2012-04-29 19:12:12 -0300
committerFelipe Pena <felipensp@gmail.com>2012-04-29 19:12:12 -0300
commitd44a3839861113dee10c7041d589096b82f23cc5 (patch)
tree3613cb79aed5c72f7579db4db89ebc4fc579e073 /ext/standard
parentdc6d283b1c277c2c99a794d17a2e2540a9f2e60e (diff)
downloadphp-git-d44a3839861113dee10c7041d589096b82f23cc5.tar.gz
- Added missing bound check in iptcparse() (path by chris at chiappa.net)
Diffstat (limited to 'ext/standard')
-rw-r--r--ext/standard/iptc.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/ext/standard/iptc.c b/ext/standard/iptc.c
index efd4e44125..d1cf42f2d2 100644
--- a/ext/standard/iptc.c
+++ b/ext/standard/iptc.c
@@ -342,13 +342,13 @@ PHP_FUNCTION(iptcparse)
len = (((unsigned short) buffer[ inx ])<<8) | (unsigned short)buffer[ inx+1 ];
inx += 2;
}
-
- snprintf(key, sizeof(key), "%d#%03d", (unsigned int) dataset, (unsigned int) recnum);
-
- if ((len > str_len) || (inx + len) > str_len) {
+
+ if ((len < 0) || (len > str_len) || (inx + len) > str_len) {
break;
}
+ snprintf(key, sizeof(key), "%d#%03d", (unsigned int) dataset, (unsigned int) recnum);
+
if (tagsfound == 0) { /* found the 1st tag - initialize the return array */
array_init(return_value);
}