diff options
| -rw-r--r-- | Zend/zend_operators.h | 4 | ||||
| -rw-r--r-- | ext/standard/tests/strings/explode_bug.phpt | 15 |
2 files changed, 19 insertions, 0 deletions
diff --git a/Zend/zend_operators.h b/Zend/zend_operators.h index 536d27689e..b75a0cbc8d 100644 --- a/Zend/zend_operators.h +++ b/Zend/zend_operators.h @@ -224,6 +224,10 @@ zend_memnstr(char *haystack, char *needle, int needle_len, char *end) return (char *)memchr(p, *needle, (end-p)); } + if(needle_len > end-haystack) { + return NULL; + } + end -= needle_len; while (p <= end) { diff --git a/ext/standard/tests/strings/explode_bug.phpt b/ext/standard/tests/strings/explode_bug.phpt new file mode 100644 index 0000000000..9766f0b8f4 --- /dev/null +++ b/ext/standard/tests/strings/explode_bug.phpt @@ -0,0 +1,15 @@ +--TEST-- +Explode/memnstr bug +--INI-- +error_reporting=2047 +memory_limit=256M +--FILE-- +<?php +$res = explode(str_repeat("A",145999999),1); +var_dump($res); +?> +--EXPECTF-- +array(1) { + [0]=> + string(1) "1" +} |