mirror of
https://github.com/php/php-src.git
synced 2024-09-24 03:17:26 +00:00
Add check for string overflow to all string add operations
This commit is contained in:
parent
abd159cce4
commit
41fc3c76e9
@ -1254,6 +1254,10 @@ ZEND_API int add_char_to_string(zval *result, const zval *op1, const zval *op2)
|
||||
int length = Z_STRLEN_P(op1) + 1;
|
||||
char *buf;
|
||||
|
||||
if (UNEXPECTED(length < 0)) {
|
||||
zend_error(E_ERROR, "String size overflow");
|
||||
}
|
||||
|
||||
if (IS_INTERNED(Z_STRVAL_P(op1))) {
|
||||
buf = (char *) emalloc(length + 1);
|
||||
memcpy(buf, Z_STRVAL_P(op1), Z_STRLEN_P(op1));
|
||||
@ -1273,6 +1277,9 @@ ZEND_API int add_string_to_string(zval *result, const zval *op1, const zval *op2
|
||||
int length = Z_STRLEN_P(op1) + Z_STRLEN_P(op2);
|
||||
char *buf;
|
||||
|
||||
if (UNEXPECTED(length < 0)) {
|
||||
zend_error(E_ERROR, "String size overflow");
|
||||
}
|
||||
if (IS_INTERNED(Z_STRVAL_P(op1))) {
|
||||
buf = (char *) emalloc(length+1);
|
||||
memcpy(buf, Z_STRVAL_P(op1), Z_STRLEN_P(op1));
|
||||
|
Loading…
Reference in New Issue
Block a user