diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-01-26 16:03:35 +0100 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-02-18 09:13:40 +0100 |
| commit | 254a7c245773d0dd16ead79a598f415dd0d6ee92 (patch) | |
| tree | c14e91d96b97a8b9c2ac05590041d98244686cde /ext/phar/phar_object.c | |
| parent | 08b47a3d0fcd16a4a8f351d5ee60bfa64e71b39f (diff) | |
| download | php-git-PHP-7.3.15.tar.gz | |
Fix # 79171: heap-buffer-overflow in phar_extract_filephp-7.3.15PHP-7.3.15
We must not access memory outside of the allocated buffer.
(cherry picked from commit 7df594b9437aa4f127581e4c88da99e7c41a9b14)
Diffstat (limited to 'ext/phar/phar_object.c')
| -rw-r--r-- | ext/phar/phar_object.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c index 14b4a795d0..82c7c376ed 100644 --- a/ext/phar/phar_object.c +++ b/ext/phar/phar_object.c @@ -4153,7 +4153,7 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char * if ('\\' == filename[cnt]) { filename[cnt] = '/'; } - } while (cnt++ <= filename_len); + } while (cnt++ < filename_len); } #endif |