File php-5.3.5-CVE-2012-2688.patch of Package php5
http://git.php.net/?p=php-src.git;a=commit;h=fc74503792b1ee92e4b813690890f3ed38fa3ad5
Index: main/streams/streams.c
===================================================================
--- main/streams/streams.c.orig
+++ main/streams/streams.c
@@ -2164,6 +2164,11 @@ PHPAPI int _php_stream_scandir(char *dir
if (vector_size == 0) {
vector_size = 10;
} else {
+ if(vector_size*2 < vector_size) {
+ /* overflow */
+ efree(vector);
+ return FAILURE;
+ }
vector_size *= 2;
}
vector = (char **) erealloc(vector, vector_size * sizeof(char *));