Overview

File php7-CVE-2025-14178.patch of Package php7.41627

Index: php-7.4.33/ext/standard/array.c
===================================================================
--- php-7.4.33.orig/ext/standard/array.c
+++ php-7.4.33/ext/standard/array.c
@@ -3813,7 +3813,7 @@ static zend_always_inline void php_array
 	int argc, i;
 	zval *src_entry;
 	HashTable *src, *dest;
-	uint32_t count = 0;
+	uint64_t count = 0;
 
 	ZEND_PARSE_PARAMETERS_START(0, -1)
 		Z_PARAM_VARIADIC('+', args, argc)
@@ -3833,6 +3833,11 @@ static zend_always_inline void php_array
 		count += zend_hash_num_elements(Z_ARRVAL_P(arg));
 	}
 
+	if (UNEXPECTED(count >= HT_MAX_SIZE)) {
+		zend_throw_error(NULL, "The total number of elements must be lower than %u", HT_MAX_SIZE);
+		RETURN_NULL();
+	}
+
 	if (argc == 2) {
 		zval *ret = NULL;
openSUSE Build Service is sponsored by
Places