diff options
| author | Stanislav Malyshev <stas@php.net> | 2019-01-06 11:57:16 -0800 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2019-01-06 11:57:16 -0800 |
| commit | fe820fcba616a736b80e911cfc132388acd35ace (patch) | |
| tree | d958a1c3d69c8089081a807f4fb8cdfa80007422 /ext/xmlrpc/libxmlrpc/xml_element.c | |
| parent | 41af1e6781386cf540926ba9d1ff59a3402f8e01 (diff) | |
| parent | 8d3dfabef459fe7815e8ea2fd68753fd17859d7b (diff) | |
| download | php-git-fe820fcba616a736b80e911cfc132388acd35ace.tar.gz | |
Merge branch 'PHP-7.1' into PHP-7.2
* PHP-7.1:
Fix #77369 - memcpy with negative length via crafted DNS response
Fix more issues with encodilng length
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix #77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
Diffstat (limited to 'ext/xmlrpc/libxmlrpc/xml_element.c')
| -rw-r--r-- | ext/xmlrpc/libxmlrpc/xml_element.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ext/xmlrpc/libxmlrpc/xml_element.c b/ext/xmlrpc/libxmlrpc/xml_element.c index 070680d4a7..86aad6108a 100644 --- a/ext/xmlrpc/libxmlrpc/xml_element.c +++ b/ext/xmlrpc/libxmlrpc/xml_element.c @@ -720,6 +720,9 @@ xml_element* xml_elem_parse_buf(const char* in_buf, int len, XML_ELEM_INPUT_OPTI long byte_idx = XML_GetCurrentByteIndex(parser); /* int byte_total = XML_GetCurrentByteCount(parser); */ const char * error_str = XML_ErrorString(err_code); + if(byte_idx > len) { + byte_idx = len; + } if(byte_idx >= 0) { snprintf(buf, sizeof(buf), |