mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-23 09:54:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix GHSA-r977-prxv-hc43

Browse Source 
Move the bound check upwards. Since this doesn't generate output we can
check the bound first.
This commit is contained in:
Niels Dossche 2024-11-08 22:04:21 +01:00 committed by Jakub Zelenka
parent d37a20c4a2
commit f3ade203d7
No known key found for this signature in database
GPG Key ID: 1C0779DC5C0A9DE4
2 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ext/standard/filters.c
View File

@ -996,6 +996,9 @@ static php_conv_err_t php_conv_qprint_decode_convert(php_conv_qprint_decode *ins
} break;
case 5: {
if (icnt == 0) {
goto out;
}
if (!inst->lbchars && lb_cnt == 1 && *ps == '\n') {
/* auto-detect soft line breaks, found network line break */
lb_cnt = lb_ptr = 0;
@ -1009,15 +1012,13 @@ static php_conv_err_t php_conv_qprint_decode_convert(php_conv_qprint_decode *ins
/* soft line break */
lb_cnt = lb_ptr = 0;
scan_stat = 0;
} else if (icnt > 0) {
} else {
if (*ps == (unsigned char)inst->lbchars[lb_cnt]) {
lb_cnt++;
ps++, icnt--;
} else {
scan_stat = 6; /* no break for short-cut */
}
} else {
goto out;
}
} break;

12
ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt Normal file
View File

File diff suppressed because one or more lines are too long