jay Thu May 6 12:11:50 2004 EDT
Modified files:
/php-src/ext/standard string.c
Log:
Fixed a segfault. (It's possible for large offsets to make strrpos()
read past the end of the haystack string...)
http://cvs.php.net/diff.php/php-src/ext/standard/string.c?r1=1.414&r2=1.415&ty=u
Index: php-src/ext/standard/string.c
diff -u php-src/ext/standard/string.c:1.414 php-src/ext/standard/string.c:1.415
--- php-src/ext/standard/string.c:1.414 Fri Mar 26 14:23:42 2004
+++ php-src/ext/standard/string.c Thu May 6 12:11:50 2004
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: string.c,v 1.414 2004/03/26 19:23:42 pollita Exp $ */
+/* $Id: string.c,v 1.415 2004/05/06 16:11:50 jay Exp $ */
/* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */
@@ -1614,7 +1614,9 @@
e = haystack + haystack_len - needle_len;
} else {
p = haystack;
- if (needle_len > -offset) {
+ if (-offset > haystack_len) {
+ e = haystack - needle_len;
+ } else if (needle_len > -offset) {
e = haystack + haystack_len - needle_len;
} else {
e = haystack + haystack_len + offset;
@@ -1681,7 +1683,11 @@
e = haystack + haystack_len - 1;
} else {
p = haystack;
- e = haystack + haystack_len - offset;
+ if (-offset > haystack_len) {
+ e = haystack + haystack_len - 1;
+ } else {
+ e = haystack + haystack_len + offset;
+ }
}
/* Borrow that ord_needle buffer to avoid repeatedly tolower()ing
needle */
*ord_needle = tolower(*needle);
@@ -1704,7 +1710,9 @@
e = haystack_dup + haystack_len - needle_len;
} else {
p = haystack_dup;
- if (needle_len > -offset) {
+ if (-offset > haystack_len) {
+ e = haystack_dup - needle_len;
+ } else if (needle_len > -offset) {
e = haystack_dup + haystack_len - needle_len;
} else {
e = haystack_dup + haystack_len + offset;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
