1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
Description: Check for possible overflows in recode_string()
Origin: vendor
Bug-Debian: http://bugs.debian.org/294986, http://bugs.debian.org/459020
Forwarded: no
Last-Update: 2010-01-18
--- a/ext/recode/recode.c
+++ b/ext/recode/recode.c
@@ -149,7 +149,7 @@ PHP_FUNCTION(recode_string)
int req_len, str_len;
char *req, *str;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &req, &req_len, &str, &str_len) == FAILURE) {
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &req, &req_len, &str, &str_len) == FAILURE || str_len < 0) {
return;
}
|
