Fix bug #77242 (heap out of bounds read in xmlrpc_decode())

author: Stanislav Malyshev <stas@php.net> 2018-12-29 17:56:36 -0800
committer: Stanislav Malyshev <stas@php.net> 2019-01-06 11:38:46 -0800
commit: 9c62b95e5e6a1ac3922a8819f2d56d8ea998d97a (patch)
tree: 7c1fe952f7fe4d02059a7d1429b166c2336f0dff /ext/xmlrpc/libxmlrpc/xml_element.c
parent: e3e3289bd1919bcc9f600d1879d3d85d5d774886 (diff)
download: php-git-9c62b95e5e6a1ac3922a8819f2d56d8ea998d97a.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/ext/xmlrpc/libxmlrpc/xml_element.c b/ext/xmlrpc/libxmlrpc/xml_element.c
index 6fc6bd3977..a30b500f2f 100644
--- a/ext/xmlrpc/libxmlrpc/xml_element.c
+++ b/ext/xmlrpc/libxmlrpc/xml_element.c
@@ -723,6 +723,9 @@ xml_element* xml_elem_parse_buf(const char* in_buf, int len, XML_ELEM_INPUT_OPTI
          long byte_idx = XML_GetCurrentByteIndex(parser);
 /*         int byte_total = XML_GetCurrentByteCount(parser); */
          const char * error_str = XML_ErrorString(err_code);
+         if(byte_idx > len) {
+             byte_idx = len;
+         }
          if(byte_idx >= 0) {
              snprintf(buf,
                       sizeof(buf),
author	Stanislav Malyshev <stas@php.net>	2018-12-29 17:56:36 -0800
committer	Stanislav Malyshev <stas@php.net>	2019-01-06 11:38:46 -0800
commit	9c62b95e5e6a1ac3922a8819f2d56d8ea998d97a (patch)
tree	7c1fe952f7fe4d02059a7d1429b166c2336f0dff /ext/xmlrpc/libxmlrpc/xml_element.c
parent	e3e3289bd1919bcc9f600d1879d3d85d5d774886 (diff)
download	php-git-9c62b95e5e6a1ac3922a8819f2d56d8ea998d97a.tar.gz