File: php5-CVE-2011-1092.patch

package info (click to toggle)
php5 5.3.3-7%2Bsqueeze19
  • links: PTS, VCS
  • area: main
  • in suites: squeeze
  • size: 122,836 kB
  • ctags: 55,742
  • sloc: ansic: 633,963; php: 19,620; sh: 11,344; xml: 5,816; cpp: 2,400; yacc: 1,745; exp: 1,514; makefile: 1,019; pascal: 623; awk: 537; sql: 22
file content (19 lines) | stat: -rw-r--r-- 586 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
 
Subject: Fixed bug #54193 (Integer overflow in shmop_read())
Origin: http://svn.php.net/viewvc/?view=revision&revision=309018

CVE-2011-1092

Patch differs from upstream commit in that the change to the NEWS file
was removed to reduce conflicts.

--- a/ext/shmop/shmop.c
+++ b/ext/shmop/shmop.c
@@ -256,7 +256,7 @@ PHP_FUNCTION(shmop_read)
 		RETURN_FALSE;
 	}
 
-	if (start + count > shmop->size || count < 0) {
+	if (count < 0 || start > (INT_MAX - count) || start + count > shmop->size) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "count is out of range");
 		RETURN_FALSE;
 	}