From 617698dfe0f22bfa6041e6f0728136002d30d2bc Mon Sep 17 00:00:00 2001
From: Taoguang Chen
Date: Sat, 14 Nov 2015 23:44:59 +0100
Subject: Fixed bug #70914 zend_throw_or_error() format string vulnerability
---
 Zend/zend_execute_API.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'Zend/zend_execute_API.c')
diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index 9d255edfd4..9979aac256 100644
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -220,7 +220,7 @@ static void zend_throw_or_error(int fetch_type, zend_class_entry *exception_ce,
 if (fetch_type & ZEND_FETCH_CLASS_EXCEPTION) {
 zend_throw_error(exception_ce, message);
 } else {
- zend_error(E_ERROR, message);
+ zend_error(E_ERROR, "%s", message);
 }
 efree(message);
-- 
cgit v1.2.1
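Review bot: The `ZEND_FETCH_CLASS_EXCEPTION` branch still passes `message` in the format position, `zend_throw_error(exception_ce, message);`, so the fix covers only the `zend_error()` path. `zend_throw_error()` takes a printf-style format as its second argument as well (its declaration is not in this hunk, so confirm against the header). If so, any `%` sequence that survives into `message` is interpreted a second time on the exception path. The same one-line change applies there: `zend_throw_error(exception_ce, "%s", message);`. The body of `zend_throw_or_error()` starts and ends outside the hunk, so how `message` is built is not visible here. It is worth checking for other callers that forward a pre-formatted buffer as a format argument.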