https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2688
http://git.php.net/?p=php-src.git;a=commitdiff;h=fc74503792b1ee92e4b813690890f3ed38fa3ad5
--- php-5.3.3/main/streams/streams.c.cve2688 2012-10-16 13:41:35.000000000 +0200
+++ php-5.3.3/main/streams/streams.c 2012-10-16 13:49:11.548079279 +0200
@@ -2160,6 +2160,11 @@
if (vector_size == 0) {
vector_size = 10;
} else {
+ if (vector_size*2 < vector_size) {
+ /* overflow */
+ efree(vector);
+ return FAILURE;
+ }
vector_size *= 2;
}
vector = (char **) erealloc(vector, vector_size * sizeof(char *));
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
56662f8135650f8f8f84b2c96c004eb0
>
files
>
42
