File tree Expand file tree Collapse file tree 3 files changed +17
-1
lines changed Expand file tree Collapse file tree 3 files changed +17
-1
lines changed Original file line number Diff line number Diff line change @@ -36,6 +36,8 @@ PHP NEWS
3636- Standard:
3737 . Fix misleading errors in printf(). (nielsdos)
3838 . Fix RCN violations in array functions. (nielsdos)
39+ . Fixed GH-18976 pack() overflow with h/H format and INT_MAX repeater value.
40+ (David Carlier)
3941
4042- Streams:
4143 . Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter
Original file line number Diff line number Diff line change @@ -386,7 +386,7 @@ PHP_FUNCTION(pack)
386386 switch ((int ) code ) {
387387 case 'h' :
388388 case 'H' :
389- INC_OUTPUTPOS ((arg + (arg % 2 )) / 2 ,1 ) /* 4 bit per arg */
389+ INC_OUTPUTPOS ((arg / 2 ) + (arg % 2 ),1 ) /* 4 bit per arg */
390390 break ;
391391
392392 case 'a' :
Original file line number Diff line number Diff line change 1+ --TEST--
2+ GH-18976 (pack overflow with h/H format)
3+ --INI--
4+ memory_limit=-1
5+ --FILE--
6+ <?php
7+ pack ('h2147483647 ' , 1 );
8+ pack ('H2147483647 ' , 1 );
9+ ?>
10+ --EXPECTF--
11+
12+ Warning: pack(): Type h: not enough characters in string in %s on line %d
13+
14+ Warning: pack(): Type H: not enough characters in string in %s on line %d
You can’t perform that action at this time.
0 commit comments