Remove broken check in var_unserializer (#13852)

`end = *p+maxlen`, and pointer overflow is UB, so that means that a check
of the form `end < *p` will always be false because it can only be true
on pointer overflow. In particular, the compiler simplifies this to
`maxlen < 0` which is always false because maxlen is unsigned.
Niels Dossche 2024-04-03 18:15:56 +02:00 committed by GitHub
parent 15259a0a6c
commit 5ca72eca8e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -326,11 +326,6 @@ static zend_string *unserialize_str(const unsigned char **p, size_t len, size_t
zend_string *str = zend_string_safe_alloc(1, len, 0, 0);
unsigned char *end = *(unsigned char **)p+maxlen;
if (end < *p) {
zend_string_efree(str);
return NULL;
}
for (i = 0; i < len; i++) {
if (*p >= end) {
zend_string_efree(str);
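
Review bot: the `end` computation kept at the top of this hunk, `unsigned char *end = *(unsigned char **)p+maxlen;`, still depends on `maxlen` never exceeding the bytes remaining after `*p`, and once `if (end < *p)` is gone nothing in the function states that precondition. Dropping the check is fine, since the commit message notes the compiler already folds it to `maxlen < 0`, but a short comment above `end` naming the bound callers must guarantee would help; the visible lines do not show where that bound is enforced. If a guard is still wanted here, it should compare lengths rather than pointers so it does not depend on overflow, because the per-byte `if (*p >= end)` test in the loop is only meaningful when `end` points into or one past the input buffer.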