From eb553965f1045f06394e58b608d6392be57c7696 Mon Sep 17 00:00:00 2001
From: Rado
Date: Thu, 24 Jan 2019 16:04:29 +0200
Subject: [PATCH] Fixed buffer outflow during deserialization of map objects
---
 src/ds/ds_htable.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/ds/ds_htable.c b/src/ds/ds_htable.c
index 1a79832..b7ed418 100644
--- a/src/ds/ds_htable.c
+++ b/src/ds/ds_htable.c
@@ -1210,7 +1210,7 @@ int ds_htable_unserialize(ds_htable_t *table, const unsigned char *buffer, size_
 PHP_VAR_UNSERIALIZE_INIT(unserialize_data);
- while (*pos != '}') {
+ while (pos != end) {
 zval *key = var_tmp_var(&unserialize_data);
 zval *value = var_tmp_var(&unserialize_data);
@@ -1230,10 +1230,6 @@ int ds_htable_unserialize(ds_htable_t *table, const unsigned char *buffer, size_
 ds_htable_put(table, key, value);
 }
- if (pos != end) {
- goto error;
- }
-
 PHP_VAR_UNSERIALIZE_DESTROY(unserialize_data);
 return SUCCESS;
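Review bot: The new condition `while (pos != end) {` in the first hunk stops only on exact equality, so the loop stays bounded only if whatever advances `pos` in the elided part of the body (presumably `php_var_unserialize`) never leaves it past `end`. An ordered comparison is the more defensive bound, and with it the post-loop check that the second hunk deletes is worth keeping to reject an overshoot: `while (pos < end) {`, followed after the loop by `if (pos != end) goto error;`. The diffstat shows only `src/ds/ds_htable.c` changed, so a regression test that feeds a truncated or malformed serialized map through this path would pin the fix. `ds_htable_unserialize` begins before and ends after these hunks, so the declarations of `pos` and `end` and the `error` path were not reviewed.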