From d9b67ab38a64fbfc9f4e78c2ac10778a973e6e47 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Sun, 29 May 2016 09:34:18 +0200
Subject: PHP 5.4.45 + security fix from 5.5.36

---
 bug72114.patch | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100644 bug72114.patch

(limited to 'bug72114.patch')

diff --git a/bug72114.patch b/bug72114.patch
new file mode 100644
index 0000000..0e9eca7
--- /dev/null
+++ b/bug72114.patch
@@ -0,0 +1,75 @@
+Backported from 5.5 for 5.4 by Remi Collet
+
+
+From abd159cce48f3e34f08e4751c568e09677d5ec9c Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 9 May 2016 21:55:29 -0700
+Subject: [PATCH] Fix bug #72114 - int/size_t confusion in fread
+
+---
+ ext/standard/file.c                   |  6 ++++++
+ ext/standard/tests/file/bug72114.phpt | 12 ++++++++++++
+ 2 files changed, 18 insertions(+)
+ create mode 100644 ext/standard/tests/file/bug72114.phpt
+
+diff --git a/ext/standard/file.c b/ext/standard/file.c
+index 0abc022..e39c84f 100644
+--- a/ext/standard/file.c
++++ b/ext/standard/file.c
+@@ -1755,6 +1755,12 @@ PHPAPI PHP_FUNCTION(fread)
+ 		RETURN_FALSE;
+ 	}
+ 
++	if (len > INT_MAX) {
++		/* string length is int in 5.x so we can not read more than int */
++		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be no more than %d", INT_MAX);
++		RETURN_FALSE;
++	}
++
+ 	Z_STRVAL_P(return_value) = emalloc(len + 1);
+ 	Z_STRLEN_P(return_value) = php_stream_read(stream, Z_STRVAL_P(return_value), len);
+ 
+diff --git a/ext/standard/tests/file/bug72114.phpt b/ext/standard/tests/file/bug72114.phpt
+new file mode 100644
+index 0000000..5e591ee
+--- /dev/null
++++ b/ext/standard/tests/file/bug72114.phpt
+@@ -0,0 +1,12 @@
++--TEST--
++Bug #72114 (Integer underflow / arbitrary null write in fread/gzread)
++--FILE--
++<?php
++ini_set('memory_limit', "2500M");
++$fp = fopen("/dev/zero", "r");
++fread($fp, 2147483648);
++?>
++Done
++--EXPECTF--
++Warning: fread(): Length parameter must be no more than 2147483647 in %s/bug72114.php on line %d
++Done
+
+
+From 4dd03651f3c90a754600e9b76e33c9481bd9e720 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Wed, 25 May 2016 16:17:12 +0200
+Subject: [PATCH] Skip test which is 64bits only
+
+Diff from test output
+001+ Warning: fread(): Length parameter must be greater than 0 in ...
+001- Warning: fread(): Length parameter must be no more than 2147483647 in ...
+---
+ ext/standard/tests/file/bug72114.phpt | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ext/standard/tests/file/bug72114.phpt b/ext/standard/tests/file/bug72114.phpt
+index 5e591ee..3cd03fd 100644
+--- a/ext/standard/tests/file/bug72114.phpt
++++ b/ext/standard/tests/file/bug72114.phpt
+@@ -1,5 +1,7 @@
+ --TEST--
+ Bug #72114 (Integer underflow / arbitrary null write in fread/gzread)
++--SKIPIF--
++<?php if (PHP_INT_SIZE != 8) die("skip this test is for 64bit platform only"); ?>
+ --FILE--
+ <?php
+ ini_set('memory_limit', "2500M");
-- 
cgit