mirror of
https://github.com/php/php-src.git
synced 2024-09-22 02:17:32 +00:00
Remove broken check in var_unserializer (#13852)
`end = *p+maxlen`, and pointer overflow is UB, so that means that a check of the form `end < *p` will always be false because it can only be true on pointer overflow. In particular, the compiler simplifies this to `maxlen < 0` which is always false because maxlen is unsigned.
This commit is contained in:
parent
15259a0a6c
commit
5ca72eca8e
@ -326,11 +326,6 @@ static zend_string *unserialize_str(const unsigned char **p, size_t len, size_t
|
||||
zend_string *str = zend_string_safe_alloc(1, len, 0, 0);
|
||||
unsigned char *end = *(unsigned char **)p+maxlen;
|
||||
|
||||
if (end < *p) {
|
||||
zend_string_efree(str);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
for (i = 0; i < len; i++) {
|
||||
if (*p >= end) {
|
||||
zend_string_efree(str);
|
||||
|
Loading…
Reference in New Issue
Block a user