diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-10-20 17:09:20 +0200 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-10-26 15:54:40 +0100 |
| commit | 302d15a9a9f9d049e96e093c86f71a65e83a3844 (patch) | |
| tree | f7e771b14c8f06d392b21a44f0ba780a08372afd | |
| parent | 4e6e1f42be1737c3c7762cfdfdeeba5c83ff78f7 (diff) | |
| download | php-git-302d15a9a9f9d049e96e093c86f71a65e83a3844.tar.gz | |
Revert "Fix out-of-bounds write"
This reverts commit bf6873a18e3b6b00f82a645c0893a281ae8eadb8.
CVE-2020-26159 is bogus; the "bug" was apparently a false positive
reported by Coverity, and the "fix" apparently wrong, see
<https://github.com/kkos/oniguruma/issues/221>.
Closes GH-6357.
(cherry picked from commit be6d72b3a445a37f48b021e3e8e85e3a00924d71)
| -rw-r--r-- | ext/mbstring/oniguruma/src/regcomp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/mbstring/oniguruma/src/regcomp.c b/ext/mbstring/oniguruma/src/regcomp.c index 4f68af2345..69d4b95f95 100644 --- a/ext/mbstring/oniguruma/src/regcomp.c +++ b/ext/mbstring/oniguruma/src/regcomp.c @@ -5603,7 +5603,7 @@ concat_opt_exact_str(OptStr* to, UChar* s, UChar* end, OnigEncoding enc) for (i = to->len, p = s; p < end && i < OPT_EXACT_MAXLEN; ) { len = enclen(enc, p); - if (i + len >= OPT_EXACT_MAXLEN) break; + if (i + len > OPT_EXACT_MAXLEN) break; for (j = 0; j < len && p < end; j++) to->s[i++] = *p++; } |