From 86a8382e71ab9c8e6f05b67f5cafc5abe4fb84b8 Mon Sep 17 00:00:00 2001 From: orbisai0security Date: Sat, 4 Jul 2026 13:35:47 +0000 Subject: [PATCH] fix: V-002 security vulnerability Automated security fix generated by OrbisAI Security --- src/compression/http_compression_response.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/compression/http_compression_response.c b/src/compression/http_compression_response.c index 89b7d29..9db50b4 100644 --- a/src/compression/http_compression_response.c +++ b/src/compression/http_compression_response.c @@ -118,6 +118,7 @@ static void merge_vary_accept_encoding(HashTable *ht) } } /* Build ", Accept-Encoding" in one allocation, store it. */ + if (cl > SIZE_MAX - AE_LEN - 2) { return; } zend_string *merged = zend_string_alloc(cl + 2 + AE_LEN, 0); memcpy(ZSTR_VAL(merged), cur, cl); memcpy(ZSTR_VAL(merged) + cl, ", ", 2);