Fix buffer-overflow in php_fgetcsv() with \0 delimiter and enclosure
Fixes oss-fuzz #57392
Closes GH-10923
parent
c2f3a605f0
commit
57029ce92e
2
NEWS
2
NEWS
@ -65,6 +65,8 @@ PHP NEWS
|
||||
. Fixed bug GH-10885 (stream_socket_server context leaks). (ilutov)
|
||||
. Fixed bug GH-10052 (Browscap crashes PHP 8.1.12 on request shutdown
|
||||
(apache2)). (nielsdos)
|
||||
. Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with \0 delimiter
|
||||
and enclosure). (ilutov)
|
||||
|
||||
16 Mar 2023, PHP 8.1.17
|
||||
|
||||
|
@ -2088,7 +2088,7 @@ PHPAPI void php_fgetcsv(php_stream *stream, char delimiter, char enclosure, int
|
||||
while ((*tmp != delimiter) && isspace((int)*(unsigned char *)tmp)) {
|
||||
tmp++;
|
||||
}
|
||||
if (*tmp == enclosure) {
|
||||
if (*tmp == enclosure && tmp < limit) {
|
||||
bptr = tmp;
|
||||
}
|
||||
}
|
||||
|
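Review bot: In the new condition `if (*tmp == enclosure && tmp < limit) {` the pointer is dereferenced before it is compared with `limit`, so the added bound protects only the `bptr = tmp` assignment and not the read itself. Writing it as `if (tmp < limit && *tmp == enclosure) {` puts the range check first; the current order is safe only if the byte at `limit` is always readable (presumably a NUL terminator, which this hunk does not show). The whitespace-skipping `while` loop just above also advances `tmp` with no comparison against `limit` and appears to rely on that same terminator to stop. A one-line comment such as `/* a "\0" enclosure would otherwise match the terminator at limit */` would record why the bound is needed. The body of php_fgetcsv starts and ends outside this hunk, so the buffer's termination guarantee should be confirmed there.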
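--- /dev/null
+++ b/ext/standard/tests/oss_fuzz_57392.phpt
@@ -0,0 +1,17 @@
+--TEST--
+oss-fuzz #57392: Buffer-overflow in php_fgetcsv() with \0 delimiter and enclosure
+--FILE--
+<?php
+var_dump(str_getcsv(
+"aaaaaaaaaaaa\0 ",
+"\0",
+"\0",
+));
+?>
+--EXPECT--
+array(2) {
+[0]=>
+string(12) "aaaaaaaaaaaa"
+[1]=>
+string(2) " "
+}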