
Patch position-no-overflow for Filesystem function related Bug #54902

Patch version 2020-08-14 14:20 UTC


Developer: cmb@php.net

 main/streams/streams.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/main/streams/streams.c b/main/streams/streams.c
index f1f8bf7eab..54305c13bb 100644
--- a/main/streams/streams.c
+++ b/main/streams/streams.c
@@ -539,6 +539,10 @@ fprintf(stderr, "stream_free: %s:%p[%s] preserve_handle=%d release_cast=%d remov
 
 PHPAPI int _php_stream_fill_read_buffer(php_stream *stream, size_t size)
 {
+	if (size > ZEND_LONG_MAX - stream->position) {
+		return FAILURE;
+	}
+
 	/* allocate/fill the buffer */
 
 	if (stream->readfilters.head) {
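Review bot: The guard `size > ZEND_LONG_MAX - stream->position` compares an unsigned `size_t` with a signed difference, so its result depends on the implicit conversion and on `stream->position` lying within `0..ZEND_LONG_MAX`. If the position field is a `zend_off_t` that can be wider than `zend_long` on some builds (its declaration is not visible here, so this needs confirming), a position past `ZEND_LONG_MAX` makes the right-hand side negative and every later read would fail. I would state the assumption in a comment such as `/* position + size must stay <= ZEND_LONG_MAX; position is assumed non-negative */` and make the negative case explicit, e.g. `if (stream->position < 0 || size > ZEND_LONG_MAX - stream->position)`. The same expression is used in the second hunk, in `_php_stream_seek`. The body of this function continues outside the hunk.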
@@ -1311,6 +1315,9 @@ PHPAPI int _php_stream_seek(php_stream *stream, zend_off_t offset, int whence)
 		switch(whence) {
 			case SEEK_CUR:
 				if (offset > 0 && offset <= stream->writepos - stream->readpos) {
+					if (offset > ZEND_LONG_MAX - stream->position) {
+						return -1;
+					}
 					stream->readpos += offset; /* if offset = ..., then readpos = writepos */
 					stream->position += offset;
 					stream->eof = 0;
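Review bot: The overflow check guards only the in-buffer `SEEK_CUR` shortcut. The other places where `_php_stream_seek` updates `stream->position` are outside this hunk, so it cannot be told from here whether they are covered; that is worth confirming before treating Bug #54902 as closed. The early `return -1` also gives no hint why a seek that fits inside the read buffer is refused; a comment such as `/* position + offset would overflow; refuse rather than wrap */` above the new `if` would help. The enclosing function starts and ends outside the hunk.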
 