diff options
| author | taca <taca> | 2010-12-13 13:16:37 +0000 |
|---|---|---|
| committer | taca <taca> | 2010-12-13 13:16:37 +0000 |
| commit | 6b1dbc49895dd311e41917f2d75c6f4879495a89 (patch) | |
| tree | af53d86e5c316fcb447591e69dd0bfcb99142c38 /lang | |
| parent | 1d6f56569ebc1ecf056d024614ee071996548e3f (diff) | |
| download | pkgsrc-6b1dbc49895dd311e41917f2d75c6f4879495a89.tar.gz | |
Update lang/php53 package to 5.3.4 (PHP 5.3.4).
The PHP development team is proud to announce the immediate release of PHP
5.3.4. This is a maintenance release in the 5.3 series, which includes a large
number of bug fixes.
Security Enhancements and Fixes in PHP 5.3.4:
* Fixed crash in zip extract method (possible CWE-170).
* Paths with NULL in them (foo\0bar.txt) are now considered as invalid
(CVE-2006-7243).
* Fixed a possible double free in imap extension (Identified by Mateusz
Kocielski). (CVE-2010-4150).
* Fixed NULL pointer dereference in
ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
* Fixed symbolic resolution support when the target is a DFS share.
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
large amount of data) (CVE-2010-3710).
Key Bug Fixes in PHP 5.3.4 include:
* Added stat support for zip stream.
* Added follow_location (enabled by default) option for the http stream
support.
* Added a 3rd parameter to get_html_translation_table. It now takes a charset
hint, like htmlentities et al.
* Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend
multibyte at runtime.
* Multiple improvements to the FPM SAPI.
* Over 100 other bug fixes.
For users upgrading from PHP 5.2 there is a migration guide available here,
detailing the changes between those releases and PHP 5.3.
For a full list of changes in PHP 5.3.4, see the ChangeLog. For source
downloads please visit our downloads page, Windows binaries can be found on
windows.php.net/download/.
Diffstat (limited to 'lang')
| -rw-r--r-- | lang/php53/Makefile | 3 | ||||
| -rw-r--r-- | lang/php53/Makefile.common | 4 | ||||
| -rw-r--r-- | lang/php53/distinfo | 18 | ||||
| -rw-r--r-- | lang/php53/patches/patch-ab | 24 | ||||
| -rw-r--r-- | lang/php53/patches/patch-am | 65 | ||||
| -rw-r--r-- | lang/php53/patches/patch-an | 20 | ||||
| -rw-r--r-- | lang/php53/patches/patch-ao | 166 | ||||
| -rw-r--r-- | lang/php53/patches/patch-ap | 20 | ||||
| -rw-r--r-- | lang/php53/patches/patch-aq | 19 |
9 files changed, 20 insertions, 319 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile index 5d2823d5cc6..e79c9c35af9 100644 --- a/lang/php53/Makefile +++ b/lang/php53/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.5 2010/11/25 03:43:50 taca Exp $ +# $NetBSD: Makefile,v 1.6 2010/12/13 13:16:37 taca Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 1 CATEGORIES= lang HOMEPAGE= http://www.php.net/ COMMENT= PHP Hypertext Preprocessor version 5 diff --git a/lang/php53/Makefile.common b/lang/php53/Makefile.common index 20440975e68..503144d06d9 100644 --- a/lang/php53/Makefile.common +++ b/lang/php53/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.2 2010/07/24 22:23:37 tron Exp $ +# $NetBSD: Makefile.common,v 1.3 2010/12/13 13:16:37 taca Exp $ # used by lang/php53/Makefile.php # used by lang/php/ext.mk # used by meta-pkgs/php53-extensions/Makefile @@ -39,7 +39,7 @@ EXTRACT_SUFX?= .tar.bz2 MAINTAINER?= pkgsrc-users@NetBSD.org HOMEPAGE?= http://www.php.net/ -PHP_BASE_VERS= 5.3.3 +PHP_BASE_VERS= 5.3.4 PHP_EXTENSION_DIR= lib/php/20090630 PLIST_SUBST+= PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q} diff --git a/lang/php53/distinfo b/lang/php53/distinfo index 22c7e4cc9d4..a8037aa9fdc 100644 --- a/lang/php53/distinfo +++ b/lang/php53/distinfo @@ -1,13 +1,10 @@ -$NetBSD: distinfo,v 1.7 2010/11/25 03:43:50 taca Exp $ +$NetBSD: distinfo,v 1.8 2010/12/13 13:16:37 taca Exp $ -SHA1 (php-5.3.3/php-5.3.3.tar.bz2) = 9f66716b341119e4e4f8fe3d81b7d0a5daf3cbc8 -RMD160 (php-5.3.3/php-5.3.3.tar.bz2) = 9edb51663feac9b787f8382012893f1ac98fec6a -Size (php-5.3.3/php-5.3.3.tar.bz2) = 10662227 bytes -SHA1 (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 76675242cfdeff763767900213346af622002490 -RMD160 (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 8dcd8b51ea0357b6cc51e70e495e18f341c62f7c -Size (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 41298 bytes +SHA1 (php-5.3.4/php-5.3.4.tar.bz2) = 0b33926e78e1683e3383b3b5c840ee60ba669b0b +RMD160 (php-5.3.4/php-5.3.4.tar.bz2) = dffbeced87117fd34c948de3ebdde01a25c24dae +Size (php-5.3.4/php-5.3.4.tar.bz2) = 10804376 bytes SHA1 (patch-aa) = f51491af7c577f36979fc07d52b5857368392e09 -SHA1 (patch-ab) = 8ac388f50afc03f3f4eacbfed42ae295a2e8d700 +SHA1 (patch-ab) = 7aeb5148056e7f0b150388c4cf60a139f6aeec44 SHA1 (patch-ac) = a896371d3343c07a5cf46c79d9ca9e1b2164797a SHA1 (patch-ad) = 1608c58860a43b4e31df8646b5ded253ec9aa881 SHA1 (patch-ae) = e590db60a60f4e5ef2da4e5edb786335a67a3d56 @@ -17,8 +14,3 @@ SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83 SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e -SHA1 (patch-am) = b2627295554d6e3cbe7de70e79ae0938379f8d93 -SHA1 (patch-an) = d4ac5152584450d731b4c5ccb82ee84a8eed5071 -SHA1 (patch-ao) = 6871d0a2b3bca1deec6b309e90e1c109a4758a21 -SHA1 (patch-ap) = d54c00968ab581f8442b087a7ece42c827ff47f5 -SHA1 (patch-aq) = 3f541181fcaa8bc2a20bd719a9c71b0cccd411d6 diff --git a/lang/php53/patches/patch-ab b/lang/php53/patches/patch-ab index ad8856baaaf..58353b4b858 100644 --- a/lang/php53/patches/patch-ab +++ b/lang/php53/patches/patch-ab @@ -1,17 +1,17 @@ -$NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $ +$NetBSD: patch-ab,v 1.3 2010/12/13 13:16:37 taca Exp $ ---- configure.orig 2010-07-24 22:35:41.000000000 +0100 -+++ configure 2010-07-24 22:39:23.000000000 +0100 -@@ -13778,7 +13778,7 @@ +--- configure.orig 2010-12-08 21:46:58.000000000 +0000 ++++ configure +@@ -13699,7 +13699,7 @@ EOF PHP_VAR_SUBST="$PHP_VAR_SUBST SAPI_CGI_PATH" - INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)" + INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)@CGIDIR@\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)@CGIDIR@/php" - PHP_SAPI=cgi - -@@ -23206,7 +23206,7 @@ + if test "$PHP_SAPI" != "default"; then + { echo "configure: error: +@@ -22963,7 +22963,7 @@ fi if test "$found_openssl" = "no"; then if test "$PHP_OPENSSL_DIR" = "yes"; then @@ -20,7 +20,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $ fi for i in $PHP_OPENSSL_DIR; do -@@ -25179,7 +25179,7 @@ +@@ -24930,7 +24930,7 @@ echo "configure:24910: checking bundled PHP_SQLITE3_CFLAGS="-I@ext_srcdir@/libsqlite $other_flags $threadsafe_flags $debug_flags" @@ -29,7 +29,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $ unique=`echo $header_file|$SED 's/[^a-zA-Z0-9]/_/g'` -@@ -36124,7 +36124,7 @@ +@@ -35788,7 +35788,7 @@ fi if test "$found_openssl" = "no"; then if test "$PHP_OPENSSL_DIR" = "yes"; then @@ -38,7 +38,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $ fi for i in $PHP_OPENSSL_DIR; do -@@ -50201,7 +50201,7 @@ +@@ -49814,7 +49814,7 @@ fi if test "$found_openssl" = "no"; then if test "$PHP_OPENSSL_DIR" = "yes"; then @@ -47,7 +47,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $ fi for i in $PHP_OPENSSL_DIR; do -@@ -84421,7 +84421,7 @@ +@@ -83900,7 +83900,7 @@ fi if test "$found_openssl" = "no"; then if test "$PHP_OPENSSL_DIR" = "yes"; then @@ -56,7 +56,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $ fi for i in $PHP_OPENSSL_DIR; do -@@ -107682,12 +107682,7 @@ +@@ -107040,12 +107040,7 @@ old_CC=$CC if test "$PHP_THREAD_SAFETY" = "yes" && test -n "$ac_cv_pthreads_cflags"; then CXXFLAGS="$CXXFLAGS $ac_cv_pthreads_cflags" INLINE_CFLAGS="$INLINE_CFLAGS $ac_cv_pthreads_cflags" diff --git a/lang/php53/patches/patch-am b/lang/php53/patches/patch-am deleted file mode 100644 index 2251b9818ea..00000000000 --- a/lang/php53/patches/patch-am +++ /dev/null @@ -1,65 +0,0 @@ -$NetBSD: patch-am,v 1.1 2010/11/25 03:43:50 taca Exp $ - -GC bug fix: http://svn.php.net/viewvc?view=revision&revision=303016 - ---- Zend/zend_gc.c.orig 2010-04-01 22:54:03.000000000 +0000 -+++ Zend/zend_gc.c -@@ -414,19 +414,21 @@ static void gc_mark_roots(TSRMLS_D) - gc_root_buffer *current = GC_G(roots).next; - - while (current != &GC_G(roots)) { -- if (current->handle && EG(objects_store).object_buckets) { -- struct _store_object *obj = &EG(objects_store).object_buckets[current->handle].bucket.obj; -+ if (current->handle) { -+ if (EG(objects_store).object_buckets) { -+ struct _store_object *obj = &EG(objects_store).object_buckets[current->handle].bucket.obj; - -- if (GC_GET_COLOR(obj->buffered) == GC_PURPLE) { -- zval z; -+ if (GC_GET_COLOR(obj->buffered) == GC_PURPLE) { -+ zval z; - -- INIT_PZVAL(&z); -- Z_OBJ_HANDLE(z) = current->handle; -- Z_OBJ_HT(z) = current->u.handlers; -- zobj_mark_grey(obj, &z TSRMLS_CC); -- } else { -- GC_SET_ADDRESS(obj->buffered, NULL); -- GC_REMOVE_FROM_BUFFER(current); -+ INIT_PZVAL(&z); -+ Z_OBJ_HANDLE(z) = current->handle; -+ Z_OBJ_HT(z) = current->u.handlers; -+ zobj_mark_grey(obj, &z TSRMLS_CC); -+ } else { -+ GC_SET_ADDRESS(obj->buffered, NULL); -+ GC_REMOVE_FROM_BUFFER(current); -+ } - } - } else { - if (GC_ZVAL_GET_COLOR(current->u.pz) == GC_PURPLE) { -@@ -623,15 +625,17 @@ static void gc_collect_roots(TSRMLS_D) - gc_root_buffer *current = GC_G(roots).next; - - while (current != &GC_G(roots)) { -- if (current->handle && EG(objects_store).object_buckets) { -- struct _store_object *obj = &EG(objects_store).object_buckets[current->handle].bucket.obj; -- zval z; -+ if (current->handle) { -+ if (EG(objects_store).object_buckets) { -+ struct _store_object *obj = &EG(objects_store).object_buckets[current->handle].bucket.obj; -+ zval z; - -- GC_SET_ADDRESS(obj->buffered, NULL); -- INIT_PZVAL(&z); -- Z_OBJ_HANDLE(z) = current->handle; -- Z_OBJ_HT(z) = current->u.handlers; -- zobj_collect_white(&z TSRMLS_CC); -+ GC_SET_ADDRESS(obj->buffered, NULL); -+ INIT_PZVAL(&z); -+ Z_OBJ_HANDLE(z) = current->handle; -+ Z_OBJ_HT(z) = current->u.handlers; -+ zobj_collect_white(&z TSRMLS_CC); -+ } - } else { - GC_ZVAL_SET_ADDRESS(current->u.pz, NULL); - zval_collect_white(current->u.pz TSRMLS_CC); diff --git a/lang/php53/patches/patch-an b/lang/php53/patches/patch-an deleted file mode 100644 index 273a1e6a999..00000000000 --- a/lang/php53/patches/patch-an +++ /dev/null @@ -1,20 +0,0 @@ -$NetBSD: patch-an,v 1.1 2010/11/25 03:43:50 taca Exp $ - -Fix for CVE-2010-3710 (a part of http://secunia.com/advisories/41724/): - - http://svn.php.net/viewvc?view=revision&revision=303779 - ---- ext/filter/logical_filters.c.orig 2010-04-02 18:27:48.000000000 +0000 -+++ ext/filter/logical_filters.c -@@ -531,6 +531,11 @@ void php_filter_validate_email(PHP_INPUT - int matches; - - -+ /* The maximum length of an e-mail address is 320 octets, per RFC 2821. */ -+ if (Z_STRLEN_P(value) > 320) { -+ RETURN_VALIDATION_FAILED -+ } -+ - re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC); - if (!re) { - RETURN_VALIDATION_FAILED diff --git a/lang/php53/patches/patch-ao b/lang/php53/patches/patch-ao deleted file mode 100644 index fe17b49820d..00000000000 --- a/lang/php53/patches/patch-ao +++ /dev/null @@ -1,166 +0,0 @@ -$NetBSD: patch-ao,v 1.1 2010/11/25 03:43:50 taca Exp $ - -Fix for CVE-2010-3870 (a part of http://secunia.com/advisories/41724/): - - http://svn.php.net/viewvc?view=revision&revision=304959 - ---- ext/xml/xml.c.orig 2010-01-05 13:03:40.000000000 +0000 -+++ ext/xml/xml.c -@@ -659,10 +659,111 @@ PHPAPI char *xml_utf8_encode(const char - } - /* }}} */ - -+/* copied from trunk's implementation of get_next_char in ext/standard/html.c */ -+#define MB_FAILURE(pos, advance) do { \ -+ *cursor = pos + (advance); \ -+ *status = FAILURE; \ -+ return 0; \ -+} while (0) -+ -+#define CHECK_LEN(pos, chars_need) ((str_len - (pos)) >= (chars_need)) -+#define utf8_lead(c) ((c) < 0x80 || ((c) >= 0xC2 && (c) <= 0xF4)) -+#define utf8_trail(c) ((c) >= 0x80 && (c) <= 0xBF) -+ -+/* {{{ php_next_utf8_char -+ */ -+static inline unsigned int php_next_utf8_char( -+ const unsigned char *str, -+ size_t str_len, -+ size_t *cursor, -+ int *status) -+{ -+ size_t pos = *cursor; -+ unsigned int this_char = 0; -+ unsigned char c; -+ -+ *status = SUCCESS; -+ -+ if (!CHECK_LEN(pos, 1)) -+ MB_FAILURE(pos, 1); -+ -+ /* We'll follow strategy 2. from section 3.6.1 of UTR #36: -+ * "In a reported illegal byte sequence, do not include any -+ * non-initial byte that encodes a valid character or is a leading -+ * byte for a valid sequence.» */ -+ c = str[pos]; -+ if (c < 0x80) { -+ this_char = c; -+ pos++; -+ } else if (c < 0xc2) { -+ MB_FAILURE(pos, 1); -+ } else if (c < 0xe0) { -+ if (!CHECK_LEN(pos, 2)) -+ MB_FAILURE(pos, 1); -+ -+ if (!utf8_trail(str[pos + 1])) { -+ MB_FAILURE(pos, utf8_lead(str[pos + 1]) ? 1 : 2); -+ } -+ this_char = ((c & 0x1f) << 6) | (str[pos + 1] & 0x3f); -+ if (this_char < 0x80) { /* non-shortest form */ -+ MB_FAILURE(pos, 2); -+ } -+ pos += 2; -+ } else if (c < 0xf0) { -+ size_t avail = str_len - pos; -+ -+ if (avail < 3 || -+ !utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2])) { -+ if (avail < 2 || utf8_lead(str[pos + 1])) -+ MB_FAILURE(pos, 1); -+ else if (avail < 3 || utf8_lead(str[pos + 2])) -+ MB_FAILURE(pos, 2); -+ else -+ MB_FAILURE(pos, 3); -+ } -+ -+ this_char = ((c & 0x0f) << 12) | ((str[pos + 1] & 0x3f) << 6) | (str[pos + 2] & 0x3f); -+ if (this_char < 0x800) { /* non-shortest form */ -+ MB_FAILURE(pos, 3); -+ } else if (this_char >= 0xd800 && this_char <= 0xdfff) { /* surrogate */ -+ MB_FAILURE(pos, 3); -+ } -+ pos += 3; -+ } else if (c < 0xf5) { -+ size_t avail = str_len - pos; -+ -+ if (avail < 4 || -+ !utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2]) || -+ !utf8_trail(str[pos + 3])) { -+ if (avail < 2 || utf8_lead(str[pos + 1])) -+ MB_FAILURE(pos, 1); -+ else if (avail < 3 || utf8_lead(str[pos + 2])) -+ MB_FAILURE(pos, 2); -+ else if (avail < 4 || utf8_lead(str[pos + 3])) -+ MB_FAILURE(pos, 3); -+ else -+ MB_FAILURE(pos, 4); -+ } -+ -+ this_char = ((c & 0x07) << 18) | ((str[pos + 1] & 0x3f) << 12) | ((str[pos + 2] & 0x3f) << 6) | (str[pos + 3] & 0x3f); -+ if (this_char < 0x10000 || this_char > 0x10FFFF) { /* non-shortest form or outside range */ -+ MB_FAILURE(pos, 4); -+ } -+ pos += 4; -+ } else { -+ MB_FAILURE(pos, 1); -+ } -+ -+ *cursor = pos; -+ return this_char; -+} -+/* }}} */ -+ -+ - /* {{{ xml_utf8_decode */ - PHPAPI char *xml_utf8_decode(const XML_Char *s, int len, int *newlen, const XML_Char *encoding) - { -- int pos = len; -+ size_t pos = 0; - char *newbuf = emalloc(len + 1); - unsigned int c; - char (*decoder)(unsigned short) = NULL; -@@ -681,36 +782,15 @@ PHPAPI char *xml_utf8_decode(const XML_C - newbuf[*newlen] = '\0'; - return newbuf; - } -- while (pos > 0) { -- c = (unsigned char)(*s); -- if (c >= 0xf0) { /* four bytes encoded, 21 bits */ -- if(pos-4 >= 0) { -- c = ((s[0]&7)<<18) | ((s[1]&63)<<12) | ((s[2]&63)<<6) | (s[3]&63); -- } else { -- c = '?'; -- } -- s += 4; -- pos -= 4; -- } else if (c >= 0xe0) { /* three bytes encoded, 16 bits */ -- if(pos-3 >= 0) { -- c = ((s[0]&63)<<12) | ((s[1]&63)<<6) | (s[2]&63); -- } else { -- c = '?'; -- } -- s += 3; -- pos -= 3; -- } else if (c >= 0xc0) { /* two bytes encoded, 11 bits */ -- if(pos-2 >= 0) { -- c = ((s[0]&63)<<6) | (s[1]&63); -- } else { -- c = '?'; -- } -- s += 2; -- pos -= 2; -- } else { -- s++; -- pos--; -+ -+ while (pos < (size_t)len) { -+ int status = FAILURE; -+ c = php_next_utf8_char((const unsigned char*)s, (size_t) len, &pos, &status); -+ -+ if (status == FAILURE || c > 0xFFU) { -+ c = '?'; - } -+ - newbuf[*newlen] = decoder ? decoder(c) : c; - ++*newlen; - } diff --git a/lang/php53/patches/patch-ap b/lang/php53/patches/patch-ap deleted file mode 100644 index 15fa5400311..00000000000 --- a/lang/php53/patches/patch-ap +++ /dev/null @@ -1,20 +0,0 @@ -$NetBSD: patch-ap,v 1.1 2010/11/25 03:43:50 taca Exp $ - -Fix for CVE-2010-4150: - http://svn.php.net/viewvc?view=revision&revision=305032 - ---- ext/imap/php_imap.c.orig 2010-04-14 09:45:37.000000000 +0000 -+++ ext/imap/php_imap.c -@@ -1209,10 +1209,12 @@ static void php_imap_do_open(INTERNAL_FU - - if (IMAPG(imap_user)) { - efree(IMAPG(imap_user)); -+ IMAPG(imap_user) = 0; - } - - if (IMAPG(imap_password)) { - efree(IMAPG(imap_password)); -+ IMAPG(imap_password) = 0; - } - - /* local filename, need to perform open_basedir and safe_mode checks */ diff --git a/lang/php53/patches/patch-aq b/lang/php53/patches/patch-aq deleted file mode 100644 index 038674040a1..00000000000 --- a/lang/php53/patches/patch-aq +++ /dev/null @@ -1,19 +0,0 @@ -$NetBSD: patch-aq,v 1.1 2010/11/25 03:43:50 taca Exp $ - -Fix for CVE-2010-4156 (also http://secunia.com/advisories/42135/): - - http://svn.php.net/viewvc?view=revision&revision=305214 - ---- ext/mbstring/libmbfl/mbfl/mbfilter.c.orig 2010-03-12 04:55:37.000000000 +0000 -+++ ext/mbstring/libmbfl/mbfl/mbfilter.c -@@ -1397,6 +1397,10 @@ mbfl_strcut( - start = string->val + from; - end = start + (length & -4); - } else if ((encoding->flag & MBFL_ENCTYPE_SBCS)) { -+ if (from + length >= string->len) { -+ length = string->len - from; -+ } -+ - start = string->val + from; - end = start + length; - } else if (encoding->mblen_table != NULL) { |