Fixed bug #70914 zend_throw_or_error() format string vulnerability

author: Taoguang Chen <taoguangchen@icloud.com> 2015-11-14 23:44:59 +0100
committer: Anatol Belski <ab@php.net> 2015-11-14 23:44:59 +0100
commit: 617698dfe0f22bfa6041e6f0728136002d30d2bc (patch)
tree: 81ff524e5edf13ee14ebb1bb268f33eb6b3a3a7a /Zend/zend_execute_API.c
parent: c2773ea02f94f4efa0be33f510088e8395caba1f (diff)
download: php-git-617698dfe0f22bfa6041e6f0728136002d30d2bc.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index 9d255edfd4..9979aac256 100644
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -220,7 +220,7 @@ static void zend_throw_or_error(int fetch_type, zend_class_entry *exception_ce,
 	if (fetch_type & ZEND_FETCH_CLASS_EXCEPTION) {
 		zend_throw_error(exception_ce, message);
 	} else {
-		zend_error(E_ERROR, message);
+		zend_error(E_ERROR, "%s", message);
 	}
 
 	efree(message);
author	Taoguang Chen <taoguangchen@icloud.com>	2015-11-14 23:44:59 +0100
committer	Anatol Belski <ab@php.net>	2015-11-14 23:44:59 +0100
commit	617698dfe0f22bfa6041e6f0728136002d30d2bc (patch)
tree	81ff524e5edf13ee14ebb1bb268f33eb6b3a3a7a /Zend/zend_execute_API.c
parent	c2773ea02f94f4efa0be33f510088e8395caba1f (diff)
download	php-git-617698dfe0f22bfa6041e6f0728136002d30d2bc.tar.gz