[PHP-CVS] cvs: php-src(PHP_5_1) /ext/mbstring mbstring.c

Wed, 14 Dec 2005 19:37:07 -0800 

iliaa           Thu Dec 15 03:36:54 2005 EDT

  Modified files:              (Branch: PHP_5_1)
    /php-src/ext/mbstring       mbstring.c 
  Log:
  Fixed possible memory corruption inside mb_strcut().
  
  
http://cvs.php.net/viewcvs.cgi/php-src/ext/mbstring/mbstring.c?r1=1.224.2.7&r2=1.224.2.8&diff_format=u
Index: php-src/ext/mbstring/mbstring.c
diff -u php-src/ext/mbstring/mbstring.c:1.224.2.7 
php-src/ext/mbstring/mbstring.c:1.224.2.8
--- php-src/ext/mbstring/mbstring.c:1.224.2.7   Tue Dec  6 02:21:01 2005
+++ php-src/ext/mbstring/mbstring.c     Thu Dec 15 03:36:53 2005
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: mbstring.c,v 1.224.2.7 2005/12/06 02:21:01 sniper Exp $ */
+/* $Id: mbstring.c,v 1.224.2.8 2005/12/15 03:36:53 iliaa Exp $ */
 
 /*
  * PHP 4 Multibyte String module "mbstring"
@@ -1844,6 +1844,13 @@
                }
        }
 
+       if (from > Z_STRLEN_PP(arg1)) {
+               RETURN_FALSE;
+       }
+       if (((unsigned) from + (unsigned) len) > Z_STRLEN_PP(arg1)) {
+               len = Z_STRLEN_PP(arg1) - from;
+       }
+
        ret = mbfl_strcut(&string, &result, from, len);
        if (ret != NULL) {
                RETVAL_STRINGL(ret->val, ret->len, 0);          /* the string 
is already strdup()'ed */

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to