Fixed offset/length parameter validation in substr_compare() function.

author: Ilia Alshanetsky <iliaa@php.net> 2006-03-14 14:55:13 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2006-03-14 14:55:13 +0000
commit: 0a076b11df8654df35c8cda2577b82a4dca5b59a (patch)
tree: 0db0f90c18c891b82396d6a6852e11a62cf29047
parent: 9d6e4964a1ce35dffd24dc00c5a59df22559597d (diff)
download: php-git-0a076b11df8654df35c8cda2577b82a4dca5b59a.tar.gz
2 files changed, 2 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index ac8aa97208..d869deecfb 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Mar 2006, PHP 5.1.3RC2
+- Fixed offset/length parameter validation in substr_compare() function. (Ilia)
 - Added overflow checks to wordwrap() function. (Ilia)
 - Removed the E_STRICT deprecation notice from "var". (Ilia)
 - Fixed debug_zval_dump() to support private and protected members. (Dmitry)
diff --git a/ext/standard/string.c b/ext/standard/string.c
index 4f2897ce53..e12d5d6a0f 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -4884,7 +4884,7 @@ PHP_FUNCTION(substr_compare)
 		RETURN_FALSE;
 	}
 
-	if (len && offset >= s1_len) {
+	if (offset + len >= s1_len) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "The start position cannot exceed initial string length.");
 		RETURN_FALSE;
 	}
author	Ilia Alshanetsky <iliaa@php.net>	2006-03-14 14:55:13 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2006-03-14 14:55:13 +0000
commit	0a076b11df8654df35c8cda2577b82a4dca5b59a (patch)
tree	0db0f90c18c891b82396d6a6852e11a62cf29047
parent	9d6e4964a1ce35dffd24dc00c5a59df22559597d (diff)
download	php-git-0a076b11df8654df35c8cda2577b82a4dca5b59a.tar.gz