authorStanislav Malyshev <stas@php.net>2014-06-08 13:44:40 -0700
committerStanislav Malyshev <stas@php.net>2014-07-18 16:26:51 -0700
commite644aad3f9138bbb2e77520f033ba902f236b8b5 (patch)
treecd1eb9f604cbf1df8ef06c7613ea4562dcb9feae
parent8ab4e2e90de44db0ee56b53e956b2b23f3c1cfa8 (diff)
Fix bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1))
-rw-r--r--ext/intl/locale/locale_methods.c10
-rw-r--r--ext/intl/tests/bug67397.phpt21
2 files changed, 30 insertions, 1 deletions
diff --git a/ext/intl/locale/locale_methods.c b/ext/intl/locale/locale_methods.c
index 0afbba2a51..881e35618e 100644
--- a/ext/intl/locale/locale_methods.c
+++ b/ext/intl/locale/locale_methods.c
@@ -497,8 +497,16 @@ static void get_icu_disp_value_src_php( char* tag_name, INTERNAL_FUNCTION_PARAME
RETURN_FALSE;
}
+ if(loc_name_len > ULOC_FULLNAME_CAPACITY) {
+ /* See bug 67397: overlong locale names cause trouble in uloc_getDisplayName */
+ spprintf(&msg , 0, "locale_get_display_%s : name too long", tag_name );
+ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, msg , 1 TSRMLS_CC );
+ efree(msg);
+ RETURN_FALSE;
+ }
+
if(loc_name_len == 0) {
- loc_name = INTL_G(default_locale);
+ loc_name = INTL_G(default_locale);
}
if( strcmp(tag_name, DISP_NAME) != 0 ){
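Review bot: The new guard `if(loc_name_len > ULOC_FULLNAME_CAPACITY)` still accepts a name of exactly ULOC_FULLNAME_CAPACITY bytes. ICU documents that constant as the size of a full locale ID including the terminating NUL, so such a name plus its terminator is one byte larger than a buffer of that capacity. The comparison would be safer as `if(loc_name_len >= ULOC_FULLNAME_CAPACITY) {`. The check also covers only `loc_name`; the function starts and ends outside this hunk, so it is not visible here whether the display-locale argument is bounded before it reaches ICU, and that is worth confirming.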
diff --git a/ext/intl/tests/bug67397.phpt b/ext/intl/tests/bug67397.phpt
new file mode 100644
index 0000000000..b2b2911f8a
--- /dev/null
+++ b/ext/intl/tests/bug67397.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1))
+--SKIPIF--
+<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?>
+--FILE--
+<?php
+
+function ut_main()
+{
+ $ret = var_export(ut_loc_get_display_name(str_repeat('*', 256), 'en_us'), true);
+ $ret .= "\n";
+ $ret .= var_export(intl_get_error_message(), true);
+ return $ret;
+}
+
+include_once( 'ut_common.inc' );
+ut_run();
+?>
+--EXPECTF--
+false
+'locale_get_display_name : name too long: U_ILLEGAL_ARGUMENT_ERROR'
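Review bot: The test drives only one input, `str_repeat('*', 256)`, which is far past the limit, so it would still pass if the C comparison were off by one in either direction. Adding cases at ULOC_FULLNAME_CAPACITY - 1 (accepted) and ULOC_FULLNAME_CAPACITY (rejected, once the guard uses `>=`) would pin the boundary. The guard sits in the helper shared by the `locale_get_display_*` family (the error message is built from `tag_name`), but only `ut_loc_get_display_name` is called here. One more call through a sibling such as `ut_loc_get_display_language` would confirm that the message and the `false` return hold on that path too.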