diff options
Diffstat (limited to 'src/sp_unserialize.c')
| -rw-r--r-- | src/sp_unserialize.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c index db99389..0f27255 100644 --- a/src/sp_unserialize.c +++ b/src/sp_unserialize.c | |||
| @@ -24,6 +24,10 @@ PHP_FUNCTION(sp_serialize) { | |||
| 24 | call_user_function(CG(function_table), NULL, &func_name, &hmac, 3, params); | 24 | call_user_function(CG(function_table), NULL, &func_name, &hmac, 3, params); |
| 25 | 25 | ||
| 26 | size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac); | 26 | size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac); |
| 27 | if (len < Z_STRLEN_P(return_value)) { | ||
| 28 | sp_log_err("overflow_error", "Overflow tentative detected in sp_serialize."); | ||
| 29 | sp_terminate(); | ||
| 30 | } | ||
| 27 | zend_string *res = zend_string_alloc(len, 0); | 31 | zend_string *res = zend_string_alloc(len, 0); |
| 28 | 32 | ||
| 29 | memcpy(ZSTR_VAL(res), Z_STRVAL_P(return_value), Z_STRLEN_P(return_value)); | 33 | memcpy(ZSTR_VAL(res), Z_STRVAL_P(return_value), Z_STRLEN_P(return_value)); |