Patch position-no-overflow for Filesystem function related Bug #54902
Patch version 2020-08-14 14:20 UTC
Return to Bug #54902 |
Download this patch
Patch Revisions:
Developer: cmb@php.net
main/streams/streams.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/main/streams/streams.c b/main/streams/streams.c
index f1f8bf7eab..54305c13bb 100644
--- a/main/streams/streams.c
+++ b/main/streams/streams.c
@@ -539,6 +539,10 @@ fprintf(stderr, "stream_free: %s:%p[%s] preserve_handle=%d release_cast=%d remov
PHPAPI int _php_stream_fill_read_buffer(php_stream *stream, size_t size)
{
+ if (size > ZEND_LONG_MAX - stream->position) {
+ return FAILURE;
+ }
+
/* allocate/fill the buffer */
if (stream->readfilters.head) {
@@ -1311,6 +1315,9 @@ PHPAPI int _php_stream_seek(php_stream *stream, zend_off_t offset, int whence)
switch(whence) {
case SEEK_CUR:
if (offset > 0 && offset <= stream->writepos - stream->readpos) {
+ if (offset > ZEND_LONG_MAX - stream->position) {
+ return -1;
+ }
stream->readpos += offset; /* if offset = ..., then readpos = writepos */
stream->position += offset;
stream->eof = 0;
|
Copyright © 2001-2024 The PHP Group