diff options
Diffstat (limited to 'lang/php5/patches/patch-aw')
-rw-r--r-- | lang/php5/patches/patch-aw | 81 |
1 files changed, 0 insertions, 81 deletions
diff --git a/lang/php5/patches/patch-aw b/lang/php5/patches/patch-aw deleted file mode 100644 index 2505e7b8ba2..00000000000 --- a/lang/php5/patches/patch-aw +++ /dev/null @@ -1,81 +0,0 @@ -$NetBSD: patch-aw,v 1.1 2006/08/10 05:57:09 taca Exp $ - -# Fix for Secunia Advisory SA21403 - ---- ext/standard/scanf.c.orig 2006-01-01 21:50:15.000000000 +0900 -+++ ext/standard/scanf.c -@@ -732,7 +732,7 @@ PHPAPI int php_sscanf_internal( char *st - if (*end == '$') { - format = end+1; - ch = format++; -- objIndex = varStart + value; -+ objIndex = varStart + value - 1; - } - } - -@@ -762,7 +762,9 @@ PHPAPI int php_sscanf_internal( char *st - switch (*ch) { - case 'n': - if (!(flags & SCAN_SUPPRESS)) { -- if (numVars) { -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { - zend_uint refcount; - - current = args[objIndex++]; -@@ -888,7 +890,9 @@ PHPAPI int php_sscanf_internal( char *st - } - } - if (!(flags & SCAN_SUPPRESS)) { -- if (numVars) { -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { - zend_uint refcount; - - current = args[objIndex++]; -@@ -932,7 +936,9 @@ PHPAPI int php_sscanf_internal( char *st - goto done; - } - if (!(flags & SCAN_SUPPRESS)) { -- if (numVars) { -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { - current = args[objIndex++]; - zval_dtor( *current ); - ZVAL_STRINGL( *current, string, end-string, 1); -@@ -1089,7 +1095,9 @@ PHPAPI int php_sscanf_internal( char *st - value = (int) (*fn)(buf, NULL, base); - if ((flags & SCAN_UNSIGNED) && (value < 0)) { - sprintf(buf, "%u", value); /* INTL: ISO digit */ -- if (numVars) { -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { - /* change passed value type to string */ - current = args[objIndex++]; - convert_to_string( *current ); -@@ -1098,7 +1106,9 @@ PHPAPI int php_sscanf_internal( char *st - add_index_string(*return_value, objIndex++, buf, 1); - } - } else { -- if (numVars) { -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { - current = args[objIndex++]; - convert_to_long( *current ); - Z_LVAL(**current) = value; -@@ -1206,7 +1216,9 @@ PHPAPI int php_sscanf_internal( char *st - double dvalue; - *end = '\0'; - dvalue = zend_strtod(buf, NULL); -- if (numVars) { -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { - current = args[objIndex++]; - convert_to_double( *current ); - Z_DVAL_PP( current ) = dvalue; |