Skip to content
Permalink
Browse files

Fix bug #71923 - integer overflow in ZipArchive::getFrom*

  • Loading branch information
smalyshev authored and weltling committed Apr 20, 2016
1 parent 7133f28 commit 3b8d4de300854b3517c7acb239b84f7726c1353c
Showing with 2 additions and 2 deletions.
  1. +2 −2 ext/zip/php_zip.c
@@ -1281,7 +1281,7 @@ static PHP_NAMED_FUNCTION(zif_zip_entry_read)
}

if (zr_rsrc->zf) {
buffer = zend_string_alloc(len, 0);
buffer = zend_string_safe_alloc(1, len, 0, 0);
n = zip_fread(zr_rsrc->zf, ZSTR_VAL(buffer), ZSTR_LEN(buffer));
if (n > 0) {
ZSTR_VAL(buffer)[n] = '\0';
@@ -2728,7 +2728,7 @@ static void php_zip_get_from(INTERNAL_FUNCTION_PARAMETERS, int type) /* {{{ */
RETURN_FALSE;
}

buffer = zend_string_alloc(len, 0);
buffer = zend_string_safe_alloc(1, len, 0, 0);
n = zip_fread(zf, ZSTR_VAL(buffer), ZSTR_LEN(buffer));
if (n < 1) {
zend_string_free(buffer);

0 comments on commit 3b8d4de

Please sign in to comment.
You can’t perform that action at this time.