From feeb35e438db36f08bb82d493b11d4211201f23c Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Mon, 3 Apr 2017 15:20:32 +0200
Subject: [PATCH] fix possible out of bounds buffer access

---
 Zend/zend_virtual_cwd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Zend/zend_virtual_cwd.c b/Zend/zend_virtual_cwd.c
index ca19802ff72..8009f2f3fdd 100644
--- a/Zend/zend_virtual_cwd.c
+++ b/Zend/zend_virtual_cwd.c
@@ -380,7 +380,7 @@ CWD_API int php_sys_stat_ex(const char *path, zend_stat_t *buf, int lstat) /* {{
 	if ((data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) == 0) {
 		size_t len = strlen(path);
 
-		if (path[len-4] == '.') {
+		if (len >= 4 && path[len-4] == '.') {
 			if (_memicmp(path+len-3, "exe", 3) == 0 ||
 				_memicmp(path+len-3, "com", 3) == 0 ||
 				_memicmp(path+len-3, "bat", 3) == 0 ||