Fix bug #72262 - do not overflow int

php · Jun 16, 2016 · 7245bff · 7245bff
1 parent 88746d6
commit 7245bff
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c
@@ -2872,6 +2872,10 @@ SPL_METHOD(SplFileObject, fread)
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be greater than 0");
 		RETURN_FALSE;
 	}
+	if (length > INT_MAX) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be no more than %d", INT_MAX);
+		RETURN_FALSE;
+	}
 
 	Z_STRVAL_P(return_value) = emalloc(length + 1);
 	Z_STRLEN_P(return_value) = php_stream_read(intern->u.file.stream, Z_STRVAL_P(return_value), length);