Overview

File php-CVE-2016-5770.patch of Package php5.3636

Index: php-5.6.1/ext/spl/spl_directory.c
===================================================================
--- php-5.6.1.orig/ext/spl/spl_directory.c	2016-06-27 10:50:46.889702585 +0200
+++ php-5.6.1/ext/spl/spl_directory.c	2016-06-27 10:51:50.966752141 +0200
@@ -2939,6 +2939,11 @@ SPL_METHOD(SplFileObject, fread)
 		RETURN_FALSE;
 	}
 
+	if (length > INT_MAX) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be no more than %d", INT_MAX);
+		RETURN_FALSE;
+	}
+
 	Z_STRVAL_P(return_value) = emalloc(length + 1);
 	Z_STRLEN_P(return_value) = php_stream_read(intern->u.file.stream, Z_STRVAL_P(return_value), length);
openSUSE Build Service is sponsored by
Places