diff options
author | Stanislav Malyshev <stas@php.net> | 2015-04-11 16:56:12 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2015-04-11 16:56:12 -0700 |
commit | 0cb9d75cb6dfea4ad31ea794856489854ff20e16 (patch) | |
tree | 5765a341292919cabc4a35aa9afcfc8acbe9501a /ext/fileinfo/fileinfo.c | |
parent | b56f8022c8b66a58670115ac0e69ef81fd0a5fb9 (diff) | |
parent | 12d3bdee3dfa6605024a72080d8a17c165c5ed24 (diff) | |
download | php-git-0cb9d75cb6dfea4ad31ea794856489854ff20e16.tar.gz |
Merge branch 'PHP-5.4.40' into PHP-5.5.24
* PHP-5.4.40:
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
Fixed bug #68901 (use after free)
Fixed bug #68740 (NULL Pointer Dereference)
Fix bug #66550 (SQLite prepared statement use-after-free)
Better fix for #68601 for perf https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467
Fix bug #68601 buffer read overflow in gd_gif_in.c
Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
Fixed bug #69293
Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
Diffstat (limited to 'ext/fileinfo/fileinfo.c')
-rw-r--r-- | ext/fileinfo/fileinfo.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ext/fileinfo/fileinfo.c b/ext/fileinfo/fileinfo.c index ead7585d6f..9f651afa7d 100644 --- a/ext/fileinfo/fileinfo.c +++ b/ext/fileinfo/fileinfo.c @@ -506,6 +506,11 @@ static void _php_finfo_get_type(INTERNAL_FUNCTION_PARAMETERS, int mode, int mime RETVAL_FALSE; goto clean; } + if (CHECK_NULL_PATH(buffer, buffer_len)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid path"); + RETVAL_FALSE; + goto clean; + } wrap = php_stream_locate_url_wrapper(buffer, &tmp2, 0 TSRMLS_CC); |