File php-5.3.3-CVE-2011-1471.patch of Package php5
http://svn.php.net/viewvc/?view=revision&revision=307917
Index: ext/zip/zip_stream.c
===================================================================
--- ext/zip/zip_stream.c.orig
+++ ext/zip/zip_stream.c
@@ -30,11 +30,11 @@ struct php_zip_stream_data_t {
/* {{{ php_zip_ops_read */
static size_t php_zip_ops_read(php_stream *stream, char *buf, size_t count TSRMLS_DC)
{
- int n = 0;
+ ssize_t n = 0;
STREAM_DATA_FROM_STREAM();
if (self->za && self->zf) {
- n = (size_t)zip_fread(self->zf, buf, (int)count);
+ n = zip_fread(self->zf, buf, count);
if (n < 0) {
int ze, se;
zip_file_error_get(self->zf, &ze, &se);
@@ -42,13 +42,15 @@ static size_t php_zip_ops_read(php_strea
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Zip stream error: %s", zip_file_strerror(self->zf));
return 0;
}
- if (n == 0 || n < count) {
+ /* cast count to signed value to avoid possibly negative n
+ * being cast to unsigned value */
+ if (n == 0 || n < (ssize_t)count) {
stream->eof = 1;
} else {
self->cursor += n;
}
}
- return (n < 1 ? 0 : n);
+ return (n < 1 ? 0 : (size_t)n);
}
/* }}} */