diff options
| author | Nikita Popov <nikita.ppv@gmail.com> | 2020-08-27 15:49:33 +0200 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-08-27 15:50:49 +0200 |
| commit | 62dce97973436f1830b18304e7939a03b18d44ba (patch) | |
| tree | 639e43bdfeb5bc6ec605532047153ec85f8274e4 /ext/standard/tests/streams | |
| parent | 1b7ee6db884b7574893bc737a6f7fb5fdf9d619b (diff) | |
| download | php-git-62dce97973436f1830b18304e7939a03b18d44ba.tar.gz | |
Require non-negative length in stream_get_contents()
If the length is not -1, require it to be non-negative.
Using such lengths doesn't make sense (as only -1 is special-case
to read in chunks, anything else will end up doing a huge upfront
allocation) and can lead to string allocation overflow.
A similar check is already in place for file_get_contents(). That
one does not allow -1 (and uses null instead), but this function
is explicitly specified to accept -1, so stick to that behavior.
Diffstat (limited to 'ext/standard/tests/streams')
| -rw-r--r-- | ext/standard/tests/streams/stream_get_contents_negative_length.phpt | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/ext/standard/tests/streams/stream_get_contents_negative_length.phpt b/ext/standard/tests/streams/stream_get_contents_negative_length.phpt new file mode 100644 index 0000000000..3d52729a2f --- /dev/null +++ b/ext/standard/tests/streams/stream_get_contents_negative_length.phpt @@ -0,0 +1,16 @@ +--TEST-- +stream_get_contents() with negative max length +--FILE-- +<?php + +$tmp = tmpfile(); +fwrite($tmp, "abcd"); +var_dump(stream_get_contents($tmp, 2, 1)); +var_dump(stream_get_contents($tmp, -2)); + +?> +--EXPECTF-- +string(2) "bc" + +Warning: stream_get_contents(): Length must be greater than or equal to zero, or -1 in %s on line %d +bool(false) |