clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 02:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-5.4' into PHP-5.5

Browse Source 
* PHP-5.4:
  Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary
This commit is contained in:
Stanislav Malyshev 2015-03-17 22:00:29 -07:00
commit 53eff4a369
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ext/zip/lib/zip_dirent.c
View File

@ -101,7 +101,7 @@ _zip_cdir_new(int nentry, struct zip_error *error)
return NULL;
}
if ((cd->entry=(struct zip_dirent *)malloc(sizeof(*(cd->entry))*nentry))
if ( nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_dirent *)malloc(sizeof(*(cd->entry))*(size_t)nentry))
== NULL) {
_zip_error_set(error, ZIP_ER_MEMORY, 0);
free(cd);