clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 10:27:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix bug #73773 - Seg fault when loading hostile phar

Browse Source
This commit is contained in:
Stanislav Malyshev 2016-12-31 18:47:50 -08:00
parent 16b3003ffc
commit e5246580a8
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ext/phar/phar.c
View File

@ -1054,7 +1054,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char
entry.is_persistent = mydata->is_persistent;
for (manifest_index = 0; manifest_index < manifest_count; ++manifest_index) {
if (buffer + 24 > endbuffer) {
if (buffer + 28 > endbuffer) {
MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)")
}
@ -1068,7 +1068,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, int fname_len, char
entry.manifest_pos = manifest_index;
}
if (entry.filename_len > endbuffer - buffer - 20) {
if (entry.filename_len > endbuffer - buffer - 24) {
MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)");
}