File php-CVE-2016-5096.patch of Package php5.openSUSE_Leap_42.1_Update

X-Git-Url: https://72.52.91.13:4430/?p=php-src.git;a=blobdiff_plain;f=ext%2Fstandard%2Ffile.c;h=e39c84f1cd41e536a35b5069f74443d66bae87b5;hp=0abc022ca6b1558a3aee50963851c5d59fee96ff;hb=abd159cce48f3e34f08e4751c568e09677d5ec9c;hpb=95ed19ae28009aa7b3ed42d5760478de82640560

diff --git a/ext/standard/file.c b/ext/standard/file.c
index 0abc022..e39c84f 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -1758,6 +1758,12 @@ PHPAPI PHP_FUNCTION(fread)
 		RETURN_FALSE;
 	}
 
+	if (len > INT_MAX) {
+		/* string length is int in 5.x so we can not read more than int */
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be no more than %d", INT_MAX);
+		RETURN_FALSE;
+	}
+
 	Z_STRVAL_P(return_value) = emalloc(len + 1);
 	Z_STRLEN_P(return_value) = php_stream_read(stream, Z_STRVAL_P(return_value), len);