
[Security] Fix PHP #75075 unpack with X* causes infinite loop

fredemmott committed Dec 18, 2017
1 parent bc4a1a8 commit e33bffbb787855d29480d8f43c5523036f9657d8
@@ -595,6 +595,10 @@ Variant ZendPack::unpack(const String& fmt, const String& data) {
/* Never use any input */
case 'X':
size = -1;
if (arg < 0) {
throw_invalid_argument("Type %c: '*' ignored", type);
arg = 1;
}
break;
case '@':
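Review bot: The new `arg < 0` branch in `case 'X'` has no comment saying why '*' must be rejected, and `arg = 1;` directly after a call named `throw_invalid_argument` reads like unreachable code. The expected output added in this commit shows a warning followed by a normal result, so the call evidently returns here, and that is worth stating. I would add above the check something like `/* '*' means repeat to end of data, but X steps backwards (size = -1) and never reaches the end, so treat it as a single X */` and, on the call, `// warns only, does not throw`. Because the format string may be supplied by a caller, this check is a CPU-exhaustion guard and should be marked as such so a later cleanup does not remove it. The enclosing switch and `ZendPack::unpack` start and end outside the hunk.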
@@ -0,0 +1,3 @@
<?php
var_dump(unpack("X*", ""));
?>
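Review bot: The regression test only calls `unpack` with empty data, so it does not show that `X*` also terminates when there is input to step back over or when it follows other format codes. Adding one or two more calls, for example `var_dump(unpack("X*", "abc"));` and `var_dump(unpack("C2a/X*", "abc"));`, with matching lines in the expected output, would pin the fix more tightly. Since a regression here shows up as a hang rather than a wrong value, the test is only useful if the runner enforces a per-test timeout, which cannot be confirmed from this page.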
@@ -0,0 +1,3 @@
Warning: Invalid argument: Type X: '*' ignored in %sbug75075.php on line %d
array(0) {
}
