mirror of
https://github.com/php/php-src.git
synced 2024-09-22 02:17:32 +00:00
Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4: Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary
This commit is contained in:
commit
53eff4a369
@ -101,7 +101,7 @@ _zip_cdir_new(int nentry, struct zip_error *error)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if ((cd->entry=(struct zip_dirent *)malloc(sizeof(*(cd->entry))*nentry))
|
||||
if ( nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_dirent *)malloc(sizeof(*(cd->entry))*(size_t)nentry))
|
||||
== NULL) {
|
||||
_zip_error_set(error, ZIP_ER_MEMORY, 0);
|
||||
free(cd);
|
||||
|
Loading…
Reference in New Issue
Block a user