ID: 51002 Updated by: johan...@php.net Reported By: s...@php.net -Status: Open +Status: Assigned Bug Type: Zip Related Operating System: n/a PHP Version: 5.3.2RC1 -Assigned To: +Assigned To: pajoye New Comment:
Assign to maintainer Previous Comments: ------------------------------------------------------------------------ [2010-02-10 20:07:06] s...@php.net Description: ------------ In php_zip_add_from_pattern() a pointer to file_stripped_len is passed to php_based which treats the address as a size_t. If the size of int differs from the size of size_t then this could cause a memory access error. int entry_name_len,file_stripped_len; ... php_basename(Z_STRVAL_PP(zval_file), Z_STRLEN_PP(zval_file), NULL, 0, &basename, (size_t *)&file_stripped_len TSRMLS_CC) This is related to Rasmus's fix http://svn.php.net/viewvc?view=revision&revision=294816 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=51002&edit=1