iliaa Thu Dec 15 03:36:54 2005 EDT Modified files: (Branch: PHP_5_1) /php-src/ext/mbstring mbstring.c Log: Fixed possible memory corruption inside mb_strcut(). http://cvs.php.net/viewcvs.cgi/php-src/ext/mbstring/mbstring.c?r1=1.224.2.7&r2=1.224.2.8&diff_format=u Index: php-src/ext/mbstring/mbstring.c diff -u php-src/ext/mbstring/mbstring.c:1.224.2.7 php-src/ext/mbstring/mbstring.c:1.224.2.8 --- php-src/ext/mbstring/mbstring.c:1.224.2.7 Tue Dec 6 02:21:01 2005 +++ php-src/ext/mbstring/mbstring.c Thu Dec 15 03:36:53 2005 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: mbstring.c,v 1.224.2.7 2005/12/06 02:21:01 sniper Exp $ */ +/* $Id: mbstring.c,v 1.224.2.8 2005/12/15 03:36:53 iliaa Exp $ */ /* * PHP 4 Multibyte String module "mbstring" @@ -1844,6 +1844,13 @@ } } + if (from > Z_STRLEN_PP(arg1)) { + RETURN_FALSE; + } + if (((unsigned) from + (unsigned) len) > Z_STRLEN_PP(arg1)) { + len = Z_STRLEN_PP(arg1) - from; + } + ret = mbfl_strcut(&string, &result, from, len); if (ret != NULL) { RETVAL_STRINGL(ret->val, ret->len, 0); /* the string is already strdup()'ed */
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php