Fix bug #72114 - int/size_t confusion in fread
parent
95ed19ae28
commit
abd159cce4
@ -1758,6 +1758,12 @@ PHPAPI PHP_FUNCTION(fread)
|
||||
RETURN_FALSE;
|
||||
}
|
||||
|
||||
if (len > INT_MAX) {
|
||||
/* string length is int in 5.x so we can not read more than int */
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be no more than %d", INT_MAX);
|
||||
RETURN_FALSE;
|
||||
}
|
||||
|
||||
Z_STRVAL_P(return_value) = emalloc(len + 1);
|
||||
Z_STRLEN_P(return_value) = php_stream_read(stream, Z_STRVAL_P(return_value), len);
|
||||
|
||||
|
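Review bot: The comment inside the new `if (len > INT_MAX)` guard says why a limit exists but not what goes wrong without it. Judging by the test title, the problem is a length that no longer fits the int string length being used afterwards to place the terminator, but that write is outside this hunk, so this is inferred. I would spell it out, e.g. `/* Z_STRLEN is int in 5.x: a larger len would be truncated and the terminating NUL written out of bounds */`. Where `long` is 32 bits the comparison can never be true, so the comment could also say the guard only matters on 64-bit builds. PHP_FUNCTION(fread) starts before and continues after the hunk.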
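--- a/ext/standard/tests/file/bug72114.phpt
+++ b/ext/standard/tests/file/bug72114.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Bug #72114 (Integer underflow / arbitrary null write in fread/gzread)
+--FILE--
+<?php
+ini_set('memory_limit', "2500M");
+$fp = fopen("/dev/zero", "r");
+fread($fp, 2147483648);
+?>
+Done
+--EXPECTF--
+Warning: fread(): Length parameter must be no more than 2147483647 in %s/bug72114.php on line %d
+Done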
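Review bot: The test has no `--SKIPIF--` section, although it depends on a 64-bit integer and on `/dev/zero` being present. Where `PHP_INT_SIZE` is 4 the literal `2147483648` is not an integer, so the expected warning is presumably not the one emitted, and without `/dev/zero` the `fopen` fails first. I would add a `--SKIPIF--` block before `--FILE--` containing `<?php if (PHP_INT_SIZE != 8) die("skip 64-bit only"); ?>`. The title also names gzread, which the test never calls, and the 2500M `memory_limit` means a regression of the guard would attempt a 2 GB allocation on the test machine rather than fail cheaply.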