File php-5.3.5-memory-corruption-parse_ini_string.patch of Package php5
http://svn.php.net/viewvc?view=revision&revision=316285
http://svn.php.net/viewvc?view=revision&revision=317304
Index: ext/standard/basic_functions.c
===================================================================
--- ext/standard/basic_functions.c.orig
+++ ext/standard/basic_functions.c
@@ -6032,6 +6032,10 @@ PHP_FUNCTION(parse_ini_string)
RETURN_FALSE;
}
+ if (INT_MAX - str_len < ZEND_MMAP_AHEAD) {
+ RETVAL_FALSE;
+ }
+
/* Set callback function */
if (process_sections) {
BG(active_ini_file_section) = NULL;