Overview

File php-5.3.3-CVE-2011-1471.patch of Package php5

http://svn.php.net/viewvc/?view=revision&revision=307917
Index: ext/zip/zip_stream.c
===================================================================
--- ext/zip/zip_stream.c.orig
+++ ext/zip/zip_stream.c
@@ -30,11 +30,11 @@ struct php_zip_stream_data_t {
 /* {{{ php_zip_ops_read */
 static size_t php_zip_ops_read(php_stream *stream, char *buf, size_t count TSRMLS_DC)
 {
-	int n = 0;
+	ssize_t n = 0;
 	STREAM_DATA_FROM_STREAM();
 
 	if (self->za && self->zf) {
-		n = (size_t)zip_fread(self->zf, buf, (int)count);
+		n = zip_fread(self->zf, buf, count);
 		if (n < 0) {
 			int ze, se;
 			zip_file_error_get(self->zf, &ze, &se);
@@ -42,13 +42,15 @@ static size_t php_zip_ops_read(php_strea
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Zip stream error: %s", zip_file_strerror(self->zf));
 			return 0;
 		}
-		if (n == 0 || n < count) {
+		/* cast count to signed value to avoid possibly negative n
+		 * being cast to unsigned value */
+		if (n == 0 || n < (ssize_t)count) {
 			stream->eof = 1;
 		} else {
 			self->cursor += n;
 		}
 	}
-	return (n < 1 ? 0 : n);
+	return (n < 1 ? 0 : (size_t)n);
 }
 /* }}} */
openSUSE Build Service is sponsored by
Places