File php-5.3.3-CVE-2010-4156.patch of Package php5
Index: ext/mbstring/libmbfl/mbfl/mbfilter.c
===================================================================
--- ext/mbstring/libmbfl/mbfl/mbfilter.c.orig
+++ ext/mbstring/libmbfl/mbfl/mbfilter.c
@@ -1398,6 +1398,11 @@ mbfl_strcut(
end = start + (length & -4);
} else if ((encoding->flag & MBFL_ENCTYPE_SBCS)) {
start = string->val + from;
+
+ if (from + length >= string->len) {
+ length = string->len - from;
+ }
+
end = start + length;
} else if (encoding->mblen_table != NULL) {
const unsigned char *mbtab = encoding->mblen_table;