Skip to content

Commit 7245bff

Browse files
committed
Fix bug #72262 - do not overflow int
1 parent 88746d6 commit 7245bff

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

Diff for: ext/spl/spl_directory.c

+4
Original file line numberDiff line numberDiff line change
@@ -2872,6 +2872,10 @@ SPL_METHOD(SplFileObject, fread)
28722872
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be greater than 0");
28732873
RETURN_FALSE;
28742874
}
2875+
if (length > INT_MAX) {
2876+
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be no more than %d", INT_MAX);
2877+
RETURN_FALSE;
2878+
}
28752879

28762880
Z_STRVAL_P(return_value) = emalloc(length + 1);
28772881
Z_STRLEN_P(return_value) = php_stream_read(intern->u.file.stream, Z_STRVAL_P(return_value), length);

0 commit comments

Comments
 (0)