blob: aa01ee15a159a851cc9ee04b8c22a177ed9542d3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
$NetBSD: patch-grapheme_grapheme__string.c,v 1.1.2.2 2011/02/26 02:55:29 taca Exp $
A fix for CVE-2011-0420 (CERT: VU#210829) from PHP's repository, r306449.
--- grapheme/grapheme_string.c.orig 1970-01-01 09:13:08.000000000 +0000
+++ grapheme/grapheme_string.c
@@ -819,11 +819,17 @@ PHP_FUNCTION(grapheme_extract)
}
if ( lstart > INT32_MAX || lstart < 0 || lstart >= str_len ) {
+ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: start not contained in string", 0 TSRMLS_CC );
- intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: start not contained in string", 1 TSRMLS_CC );
-
RETURN_FALSE;
}
+ if ( size > INT32_MAX || size < 0) {
+ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: size is invalid", 0 TSRMLS_CC );
+ RETURN_FALSE;
+ }
+ if (size == 0) {
+ RETURN_EMPTY_STRING();
+ }
/* we checked that it will fit: */
start = (int32_t) lstart;
|