mirror of
https://github.com/php/php-src.git
synced 2024-09-22 02:17:32 +00:00
base64_decode: reorder to fix out of bounds read
parent
ea640e6117
commit
c65de8ac13
@ -143,16 +143,19 @@ PHPAPI zend_string *php_base64_decode_ex(const unsigned char *str, size_t length
|
||||
result = zend_string_alloc(length, 0);
|
||||
|
||||
/* run through the whole string, converting as we go */
|
||||
while ((ch = *current++) != '\0' && length-- > 0) {
|
||||
while (length-- > 0 && (ch = *current++) != '\0') {
|
||||
if (ch == base64_pad) {
|
||||
if (*current != '=' && ((i % 4) == 1 || (strict && length > 0))) {
|
||||
if ((i % 4) != 1) {
|
||||
while (isspace(*(++current))) {
|
||||
continue;
|
||||
}
|
||||
if (*current == '\0') {
|
||||
continue;
|
||||
}
|
||||
if (i % 4 == 1) {
|
||||
if (length == 0 || *current != '=') {
|
||||
zend_string_free(result);
|
||||
return NULL;
|
||||
}
|
||||
} else if (length > 0 && *current != '=' && strict) {
|
||||
while (--length > 0 && isspace(*++current)) {
|
||||
continue;
|
||||
}
|
||||
if (length == 0 || *current == '\0') {
|
||||
continue;
|
||||
}
|
||||
zend_string_free(result);
|
||||
return NULL;
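Review bot: In the strict branch (`} else if (length > 0 && *current != '=' && strict)`), the byte directly after the pad is compared only with `'='`, and the skip loop `while (--length > 0 && isspace(*++current))` pre-increments before its first test, so that byte is never checked for whitespace. From the visible lines, a single non-space byte after the pad, optionally followed by whitespace up to `length`, reaches `continue` instead of `return NULL`; the old loop `while (isspace(*(++current)))` had the same shape, so this looks inherited rather than introduced. If strict mode is meant to reject such input, test before advancing: `while (length > 0 && isspace(*current)) { current++; length--; }`. The reordered `length-- > 0 &&` guard in the outer `while` is what keeps `*current++` inside the buffer, so a short comment such as `/* check length before dereferencing: input may not be NUL-terminated within length */` would help keep the operands from being swapped back. The function starts and ends outside this hunk, so how `length` and `ch` are used after the loop could not be checked here.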
|
||||
|