diff options
author | K.Kosako <kkosako0@gmail.com> | 2020-09-21 12:58:29 +0900 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-10-02 15:02:35 +0200 |
commit | bf6873a18e3b6b00f82a645c0893a281ae8eadb8 (patch) | |
tree | 3841fe4c78230240ac9ea85816cdeea1c4ba2ebd | |
parent | 1666cfcca0356168e2b61610b98052c3b85cae9d (diff) | |
download | php-git-bf6873a18e3b6b00f82a645c0893a281ae8eadb8.tar.gz |
Fix out-of-bounds write
Fixes CVE-2020-26159.
Backported from <https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0>.
-rw-r--r-- | ext/mbstring/oniguruma/src/regcomp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/mbstring/oniguruma/src/regcomp.c b/ext/mbstring/oniguruma/src/regcomp.c index 69d4b95f95..4f68af2345 100644 --- a/ext/mbstring/oniguruma/src/regcomp.c +++ b/ext/mbstring/oniguruma/src/regcomp.c @@ -5603,7 +5603,7 @@ concat_opt_exact_str(OptStr* to, UChar* s, UChar* end, OnigEncoding enc) for (i = to->len, p = s; p < end && i < OPT_EXACT_MAXLEN; ) { len = enclen(enc, p); - if (i + len > OPT_EXACT_MAXLEN) break; + if (i + len >= OPT_EXACT_MAXLEN) break; for (j = 0; j < len && p < end; j++) to->s[i++] = *p++; } |