Skip to content

Commit 4bdb8e4

Browse files
committed
ext/standard levenshtein overflow on 3rd, 4th and 5th arguments.
1 parent a8d1955 commit 4bdb8e4

File tree

2 files changed

+43
-0
lines changed

2 files changed

+43
-0
lines changed

ext/standard/levenshtein.c

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -78,6 +78,20 @@ PHP_FUNCTION(levenshtein)
7878
RETURN_THROWS();
7979
}
8080

81+
if (ZEND_LONG_UINT_OVFL(cost_ins)) {
82+
zend_argument_value_error(3, "must be between 0 and %u", UINT_MAX);
83+
RETURN_THROWS();
84+
}
85+
86+
if (ZEND_LONG_UINT_OVFL(cost_rep)) {
87+
zend_argument_value_error(4, "must be between 0 and %u", UINT_MAX);
88+
RETURN_THROWS();
89+
}
90+
91+
if (ZEND_LONG_UINT_OVFL(cost_del)) {
92+
zend_argument_value_error(5, "must be between 0 and %u", UINT_MAX);
93+
RETURN_THROWS();
94+
}
8195

8296
RETURN_LONG(reference_levdist(string1, string2, cost_ins, cost_rep, cost_del));
8397
}
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
--TEST--
2+
GH-14807 overflow on insertion_cost/replacement_cost/deletion_cost
3+
--FILE--
4+
<?php
5+
$str1 = "abcd";
6+
$str2 = "defg";
7+
8+
try {
9+
levenshtein($str1, $str2, PHP_INT_MIN);
10+
} catch (\ValueError $e) {
11+
echo $e->getMessage() . PHP_EOL;
12+
}
13+
14+
try {
15+
levenshtein($str1, $str2, 1, PHP_INT_MIN);
16+
} catch (\ValueError $e) {
17+
echo $e->getMessage() . PHP_EOL;
18+
}
19+
20+
try {
21+
levenshtein($str1, $str2, 1, 1, PHP_INT_MIN);
22+
} catch (\ValueError $e) {
23+
echo $e->getMessage() . PHP_EOL;
24+
}
25+
?>
26+
--EXPECTF--
27+
levenshtein(): Argument #3 ($insertion_cost) must be between 0 and %d
28+
levenshtein(): Argument #4 ($replacement_cost) must be between 0 and %d
29+
levenshtein(): Argument #5 ($deletion_cost) must be between 0 and %d

0 commit comments

Comments
 (0)