Overview

File php-CVE-2016-5399.patch of Package php5.3357

From: Stanislav Malyshev <stas@php.net>
Date: Tue, 19 Jul 2016 05:20:45 +0000 (-0700)
Subject: Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
X-Git-Tag: php-5.5.38~10^2~2
X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=f3feddb5b45b5abd93abb1a95044b7e099d51c84

Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
---

Index: php-5.6.1/ext/bz2/bz2.c
===================================================================
--- php-5.6.1.orig/ext/bz2/bz2.c	2014-10-01 11:17:38.000000000 +0200
+++ php-5.6.1/ext/bz2/bz2.c	2016-08-03 13:43:27.587198800 +0200
@@ -138,15 +138,19 @@ struct php_bz2_stream_data_t {
 static size_t php_bz2iop_read(php_stream *stream, char *buf, size_t count TSRMLS_DC)
 {
 	struct php_bz2_stream_data_t *self = (struct php_bz2_stream_data_t *) stream->abstract;
-	size_t ret;
-	
-	ret = BZ2_bzread(self->bz_file, buf, count);
+	int bz2_ret;
 
-	if (ret == 0) {
+	bz2_ret = BZ2_bzread(self->bz_file, buf, count);
+
+	if (bz2_ret < 0) {
+		stream->eof = 1;
+		return -1;
+	}
+	if (bz2_ret == 0) {
 		stream->eof = 1;
 	}
 
-	return ret;
+	return (size_t)bz2_ret;
 }
 
 static size_t php_bz2iop_write(php_stream *stream, const char *buf, size_t count TSRMLS_DC)
openSUSE Build Service is sponsored by
Places