Fixed search on uninitialized data

2024-09-23 02:47:26 +00:00 · 2008-07-17 14:05:07 +00:00 · 2008-07-17 14:05:07 +00:00 · 67b77b06e5
commit 67b77b06e5
parent 5c631e8765
1 changed files with 4 additions and 2 deletions
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@ -1427,7 +1427,9 @@ static inline char *phar_strnstr(const char *buf, int buf_len, const char *searc
 	const char *c;
 	int so_far = 0;

-	/* this assumes buf_len > search_len */
+	if (buf_len < search_len) {
+		return NULL;
+	}
 	c = buf - 1;
 	do {
 		if (!(c = memchr(c + 1, search[0], buf_len - search_len - so_far))) {
@ -1579,7 +1581,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, int fname_len, char *a
 				}
 			}
 		}
-		if ((pos = phar_strnstr(buffer, 1024 + sizeof(token), token, sizeof(token)-1)) != NULL) {
+		if (got > 0 && (pos = phar_strnstr(buffer, got + sizeof(token), token, sizeof(token)-1)) != NULL) {
 			halt_offset += (pos - buffer); /* no -tokenlen+tokenlen here */
 			return phar_parse_pharfile(fp, fname, fname_len, alias, alias_len, halt_offset, pphar, compression, error TSRMLS_CC);
 		}