diff options
Diffstat (limited to 'bug72114.patch')
| -rw-r--r-- | bug72114.patch | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/bug72114.patch b/bug72114.patch new file mode 100644 index 0000000..0e9eca7 --- /dev/null +++ b/bug72114.patch @@ -0,0 +1,75 @@ +Backported from 5.5 for 5.4 by Remi Collet + + +From abd159cce48f3e34f08e4751c568e09677d5ec9c Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev <stas@php.net> +Date: Mon, 9 May 2016 21:55:29 -0700 +Subject: [PATCH] Fix bug #72114 - int/size_t confusion in fread + +--- + ext/standard/file.c | 6 ++++++ + ext/standard/tests/file/bug72114.phpt | 12 ++++++++++++ + 2 files changed, 18 insertions(+) + create mode 100644 ext/standard/tests/file/bug72114.phpt + +diff --git a/ext/standard/file.c b/ext/standard/file.c +index 0abc022..e39c84f 100644 +--- a/ext/standard/file.c ++++ b/ext/standard/file.c +@@ -1755,6 +1755,12 @@ PHPAPI PHP_FUNCTION(fread) + RETURN_FALSE; + } + ++ if (len > INT_MAX) { ++ /* string length is int in 5.x so we can not read more than int */ ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be no more than %d", INT_MAX); ++ RETURN_FALSE; ++ } ++ + Z_STRVAL_P(return_value) = emalloc(len + 1); + Z_STRLEN_P(return_value) = php_stream_read(stream, Z_STRVAL_P(return_value), len); + +diff --git a/ext/standard/tests/file/bug72114.phpt b/ext/standard/tests/file/bug72114.phpt +new file mode 100644 +index 0000000..5e591ee +--- /dev/null ++++ b/ext/standard/tests/file/bug72114.phpt +@@ -0,0 +1,12 @@ ++--TEST-- ++Bug #72114 (Integer underflow / arbitrary null write in fread/gzread) ++--FILE-- ++<?php ++ini_set('memory_limit', "2500M"); ++$fp = fopen("/dev/zero", "r"); ++fread($fp, 2147483648); ++?> ++Done ++--EXPECTF-- ++Warning: fread(): Length parameter must be no more than 2147483647 in %s/bug72114.php on line %d ++Done + + +From 4dd03651f3c90a754600e9b76e33c9481bd9e720 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@php.net> +Date: Wed, 25 May 2016 16:17:12 +0200 +Subject: [PATCH] Skip test which is 64bits only + +Diff from test output +001+ Warning: fread(): Length parameter must be greater than 0 in ... +001- Warning: fread(): Length parameter must be no more than 2147483647 in ... +--- + ext/standard/tests/file/bug72114.phpt | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ext/standard/tests/file/bug72114.phpt b/ext/standard/tests/file/bug72114.phpt +index 5e591ee..3cd03fd 100644 +--- a/ext/standard/tests/file/bug72114.phpt ++++ b/ext/standard/tests/file/bug72114.phpt +@@ -1,5 +1,7 @@ + --TEST-- + Bug #72114 (Integer underflow / arbitrary null write in fread/gzread) ++--SKIPIF-- ++<?php if (PHP_INT_SIZE != 8) die("skip this test is for 64bit platform only"); ?> + --FILE-- + <?php + ini_set('memory_limit', "2500M"); |