--- rpms/php/sme8/php-5.3.3-CVE-2012-2386.patch 2012/06/29 14:45:08 1.1
+++ rpms/php/sme8/php-5.3.3-CVE-2012-2386.patch 2012/06/29 14:45:08 1.1.2.1
@@ -0,0 +1,34 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2386
+
+http://git.php.net/?p=php-src.git;a=commit;h=158d8a6b088662ce9d31e0c777c6ebe90efdc854
+
+--- php-5.3.3/ext/phar/tar.c.cve2386
++++ php-5.3.3/ext/phar/tar.c
+@@ -38,7 +38,7 @@ static php_uint32 phar_tar_number(char *
+ /* }}} */
+
+ /* adapted from format_octal() in libarchive
+- *
++ *
+ * Copyright (c) 2003-2009 Tim Kientzle
+ * All rights reserved.
+ *
+@@ -161,7 +161,7 @@ static int phar_tar_process_metadata(pha
+ size_t save = php_stream_tell(fp), read;
+ phar_entry_info *mentry;
+
+- metadata = (char *) emalloc(entry->uncompressed_filesize + 1);
++ metadata = (char *) safe_emalloc(1, entry->uncompressed_filesize, 1);
+
+ read = php_stream_read(fp, metadata, entry->uncompressed_filesize);
+ if (read != entry->uncompressed_filesize) {
+@@ -367,7 +367,7 @@ bail:
+ }
+
+ read = php_stream_read(fp, buf, sizeof(buf));
+-
++
+ if (read != sizeof(buf)) {
+ efree(entry.filename);
+ if (error) {
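Review bot: The only functional line of this backport is the `emalloc(entry->uncompressed_filesize + 1)` → `safe_emalloc(1, entry->uncompressed_filesize, 1)` swap in phar_tar_process_metadata, which stops the `+ 1` from wrapping a maximal archive-supplied size to a tiny allocation before `php_stream_read` fills it; note that safe_emalloc (as I understand it) reports the overflow as a fatal engine error, so a crafted phar now aborts the request instead of reaching the function's own `error` path, and a preceding explicit range check on `entry->uncompressed_filesize` that sets the error and returns failure would be the more graceful behaviour — confirm against the surrounding code, which starts and ends outside this hunk. The other two inner hunks (line 38 and line 367) only strip trailing whitespace from a comment and a blank line; they are unrelated to the CVE and make the patch more fragile to apply against a slightly different tree, so I would drop them from a security backport. As rendered here the patched `tar.c` lines appear with a single leading space rather than the file's indentation; if that is what the stored patch file contains and not an artefact of the listing, `patch` will reject the hunks, so verify the file applies cleanly.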