Skip to content

Commit

Permalink
Fix #81283: shmop can't read beyond 2147483647 bytes
Browse files Browse the repository at this point in the history 
`start`, `count` and `shmop->size` are `zend_long`, so we must not
restrict to `INT_MAX`.

Closes GH-7301.
  • Loading branch information
@cmb69
cmb69 committed Jul 23, 2021
1 parent dfd05da commit 387c0de
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 1 deletion.
3 changes: 3 additions & 0 deletions NEWS
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,9 @@ PHP NEWS
- CGI:
. Fixed bug #80849 (HTTP Status header truncation). (cmb)

- Shmop:
. Fixed bug #81283 (shmop can't read beyond 2147483647 bytes). (cmb, Nikita)

- Standard:
. Fixed bug #72146 (Integer overflow on substr_replace). (cmb)
. Fixed bug #81265 (getimagesize returns 0 for 256px ICO images).
Expand Down
2 changes: 1 addition & 1 deletion ext/shmop/shmop.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -251,7 +251,7 @@ PHP_FUNCTION(shmop_read)
RETURN_FALSE;
}

if (count < 0 || start > (INT_MAX - count) || start + count > shmop->size) {
if (count < 0 || start > (ZEND_LONG_MAX - count) || start + count > shmop->size) {
php_error_docref(NULL, E_WARNING, "count is out of range");
RETURN_FALSE;
}
Expand Down

0 comments on commit 387c0de

Please sign in to comment.