summaryrefslogtreecommitdiff
path: root/textproc/php-intl/patches/patch-grapheme_grapheme__string.c
diff options
context:
space:
mode:
Diffstat (limited to 'textproc/php-intl/patches/patch-grapheme_grapheme__string.c')
-rw-r--r--textproc/php-intl/patches/patch-grapheme_grapheme__string.c26
1 files changed, 26 insertions, 0 deletions
diff --git a/textproc/php-intl/patches/patch-grapheme_grapheme__string.c b/textproc/php-intl/patches/patch-grapheme_grapheme__string.c
new file mode 100644
index 00000000000..aa01ee15a15
--- /dev/null
+++ b/textproc/php-intl/patches/patch-grapheme_grapheme__string.c
@@ -0,0 +1,26 @@
+$NetBSD: patch-grapheme_grapheme__string.c,v 1.1.2.2 2011/02/26 02:55:29 taca Exp $
+
+A fix for CVE-2011-0420 (CERT: VU#210829) from PHP's repository, r306449.
+
+--- grapheme/grapheme_string.c.orig 1970-01-01 09:13:08.000000000 +0000
++++ grapheme/grapheme_string.c
+@@ -819,11 +819,17 @@ PHP_FUNCTION(grapheme_extract)
+ }
+
+ if ( lstart > INT32_MAX || lstart < 0 || lstart >= str_len ) {
++ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: start not contained in string", 0 TSRMLS_CC );
+
+- intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: start not contained in string", 1 TSRMLS_CC );
+-
+ RETURN_FALSE;
+ }
++ if ( size > INT32_MAX || size < 0) {
++ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: size is invalid", 0 TSRMLS_CC );
++ RETURN_FALSE;
++ }
++ if (size == 0) {
++ RETURN_EMPTY_STRING();
++ }
+
+ /* we checked that it will fit: */
+ start = (int32_t) lstart;
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-02 22:23:29 +0000