Mirrors
/
php
mirror of https://github.com/php/php-src
3
0
Fork 0
Code Releases Activity
Browse Source

Add test for bug #69522

PHP-5.4.41
Stanislav Malyshev 11 years ago
parent
634aa0a2db
commit
9c0813fd48
2 changed files with 17 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      ext/standard/pack.c
  2. 11
      ext/standard/tests/strings/bug69522.phpt

6
ext/standard/pack.c
View File

@ -642,6 +642,12 @@ PHP_FUNCTION(unpack)
break;
}
if (size != 0 && size != -1 && size < 0) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Type %c: integer overflow", type);
zval_dtor(return_value);
RETURN_FALSE;
}
/* Do actual unpacking */
for (i = 0; i != arg; i++ ) {
/* Space for name + number, safe as namelen is ensured <= 200 */

11
ext/standard/tests/strings/bug69522.phpt
View File

@ -0,0 +1,11 @@
--TEST--
Bug #69522 (heap buffer overflow in unpack())
--FILE--
<?php
$a = pack("AAAAAAAAAAAA", 1,2,3,4,5,6,7,8,9,10,11,12);
$b = unpack('h2147483648', $a);
?>
===DONE===
--EXPECTF--
Warning: unpack(): Type h: integer overflow in %s on line %d
===DONE===
Write Preview
Loading…
Cancel
Save