author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-06-04 11:49:59 +0200 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-06-04 13:37:11 +0200 |
commit | ceae81665cc6d8dadf2103a3f9266150b076ab2a (patch) | |
tree | 2cec07b0cb84869fc207a3b20c8df1541201b3af | |
parent | b8e7b30b4715ae5f052dec428d82b705e29220b7 (diff) | |
Fix #73527: Invalid memory access in php_filter_strip
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/filter/sanitizing_filters.c | 6 |
2 files changed, 6 insertions, 3 deletions
@@ -7,6 +7,9 @@ PHP NEWS . Fixed bug #79668 (get_defined_functions(true) may miss functions). (cmb, Nikita) +- Filter: + . Fixed bug #73527 (Invalid memory access in php_filter_strip). (cmb) + - PDO SQLite: . Fixed bug #79664 (PDOStatement::getColumnMeta fails on empty result set). (cmb) diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c index 7a992b4966..de69b3bf5a 100644 --- a/ext/filter/sanitizing_filters.c +++ b/ext/filter/sanitizing_filters.c @@ -110,7 +110,7 @@ static void php_filter_strip(zval *value, zend_long flags) { unsigned char *str; size_t i; - int c; + size_t c; zend_string *buf; /* Optimization for if no strip flags are set */ @@ -119,7 +119,7 @@ static void php_filter_strip(zval *value, zend_long flags) } str = (unsigned char *)Z_STRVAL_P(value); - buf = zend_string_alloc(Z_STRLEN_P(value) + 1, 0); + buf = zend_string_alloc(Z_STRLEN_P(value), 0); c = 0; for (i = 0; i < Z_STRLEN_P(value); i++) { if ((str[i] >= 127) && (flags & FILTER_FLAG_STRIP_HIGH)) { @@ -161,7 +161,7 @@ static void filter_map_apply(zval *value, filter_map *map) zend_string *buf; str = (unsigned char *)Z_STRVAL_P(value); - buf = zend_string_alloc(Z_STRLEN_P(value) + 1, 0); + buf = zend_string_alloc(Z_STRLEN_P(value), 0); c = 0; for (i = 0; i < Z_STRLEN_P(value); i++) { if ((*map)[str[i]]) { |
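Review bot: The new declaration `size_t c;` in the hunk at -110 carries the memory-safety fix, but nothing on it says why the type matters. `c` is the write index into `buf` (the store through it lies outside this hunk), so with the old `int` an input longer than INT_MAX bytes could presumably wrap the index. A comment such as `/* output index into buf; must be size_t like i (bug #73527) */` would keep a later cleanup from narrowing it again. The body of php_filter_strip continues past the hunk.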
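Review bot: Dropping the `+ 1` in `buf = zend_string_alloc(Z_STRLEN_P(value), 0);` (hunk at -119) is only correct because zend_string_alloc() itself reserves one byte past the requested length for the terminator, and the code does not say so. The loop can copy up to Z_STRLEN_P(value) bytes, and the terminator is written after it, outside this hunk, so a reader comparing the requested size with the final index will suspect an off-by-one. Add `/* zend_string_alloc() already reserves room for the trailing NUL */` above the call. The same comment applies to the identical line in the filter_map_apply hunk at -161.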
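Review bot: In the hunk at -161, filter_map_apply uses `c` as its output index in the same way as php_filter_strip, but its declaration lies above the hunk and this commit does not touch it. If it is still declared `int`, the index problem fixed in the first hunk remains here and the declaration should become `size_t c;`. If it is already `size_t`, nothing more is needed. The function starts before and ends after the hunk, so this cannot be confirmed from the lines shown.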