Skip to content

Commit e2059a4

Browse files
committed
curl: Don't truncate length
Truncating to an int seems dangerous, esp. in combination with a MIN macro. I don't see a reason to truncate the length from size_t to int, and especially no reason to change the signedness. Closes GH-20747.
1 parent b911748 commit e2059a4

2 files changed

Lines changed: 4 additions & 3 deletions

File tree

NEWS

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ PHP NEWS
1515
- Curl:
1616
. Fixed bug GH-21023 (CURLOPT_XFERINFOFUNCTION crash with a null callback).
1717
(David Carlier)
18+
. Don't truncate length. (ndossche)
1819

1920
- Date:
2021
. Fixed bug GH-20936 (DatePeriod::__set_state() cannot handle null start).

ext/curl/interface.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -583,7 +583,7 @@ static size_t curl_write(char *data, size_t size, size_t nmemb, void *ctx)
583583
return fwrite(data, size, nmemb, write_handler->fp);
584584
case PHP_CURL_RETURN:
585585
if (length > 0) {
586-
smart_str_appendl(&write_handler->buf, data, (int) length);
586+
smart_str_appendl(&write_handler->buf, data, length);
587587
}
588588
break;
589589
case PHP_CURL_USER: {
@@ -860,7 +860,7 @@ static size_t curl_read(char *data, size_t size, size_t nmemb, void *ctx)
860860
if (!Z_ISUNDEF(retval)) {
861861
_php_curl_verify_handlers(ch, /* reporterror */ true);
862862
if (Z_TYPE(retval) == IS_STRING) {
863-
length = MIN((size * nmemb), Z_STRLEN(retval));
863+
length = MIN(size * nmemb, Z_STRLEN(retval));
864864
memcpy(data, Z_STRVAL(retval), length);
865865
} else if (Z_TYPE(retval) == IS_LONG) {
866866
length = Z_LVAL_P(&retval);
@@ -891,7 +891,7 @@ static size_t curl_write_header(char *data, size_t size, size_t nmemb, void *ctx
891891
/* Handle special case write when we're returning the entire transfer
892892
*/
893893
if (ch->handlers.write->method == PHP_CURL_RETURN && length > 0) {
894-
smart_str_appendl(&ch->handlers.write->buf, data, (int) length);
894+
smart_str_appendl(&ch->handlers.write->buf, data, length);
895895
} else {
896896
PHPWRITE(data, length);
897897
}

0 commit comments

Comments
 (0)