Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix bug #71923 - integer overflow in ZipArchive::getFrom*
  • Loading branch information
smalyshev authored and weltling committed Apr 27, 2016
1 parent 7133f28 commit 3b8d4de
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions ext/zip/php_zip.c
Expand Up @@ -1281,7 +1281,7 @@ static PHP_NAMED_FUNCTION(zif_zip_entry_read)
}

if (zr_rsrc->zf) {
buffer = zend_string_alloc(len, 0);
buffer = zend_string_safe_alloc(1, len, 0, 0);
n = zip_fread(zr_rsrc->zf, ZSTR_VAL(buffer), ZSTR_LEN(buffer));
if (n > 0) {
ZSTR_VAL(buffer)[n] = '\0';
Expand Down Expand Up @@ -2728,7 +2728,7 @@ static void php_zip_get_from(INTERNAL_FUNCTION_PARAMETERS, int type) /* {{{ */
RETURN_FALSE;
}

buffer = zend_string_alloc(len, 0);
buffer = zend_string_safe_alloc(1, len, 0, 0);
n = zip_fread(zf, ZSTR_VAL(buffer), ZSTR_LEN(buffer));
if (n < 1) {
zend_string_free(buffer);
Expand Down

0 comments on commit 3b8d4de

Please sign in to comment.