File php-5.1.2-CVE-2007-2748.patch of Package php

--- ext/standard/string.c
+++ ext/standard/string.c
@@ -4512,7 +4512,7 @@
 				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length should be greater than 0.");
 				RETURN_FALSE;		
 			}
-                        if ((p + Z_LVAL_PP(length)) <= p || (p + Z_LVAL_PP(length)) > endp) {
+ 			if (Z_LVAL_PP(length) > (Z_STRLEN_PP(haystack) - Z_LVAL_PP(offset))) {
 				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length value %ld exceeds string length.", Z_LVAL_PP(length));
 				RETURN_FALSE;
 			}