Hash unserialization: Check whirlpool bits counter.

Which should be removed, since the bits counter's lower 3
bits are always zero (all the code involving bufferRem
is dead, because bufferRem is always zero).

Author: kohler

ext/hash/hash_whirlpool.c

@@ -436,7 +436,9 @@ static int php_whirlpool_unserialize(php_hashcontext_object *hash, zend_long mag
     if (magic == PHP_HASH_SERIALIZE_MAGIC_SPEC
         && (r = php_hash_unserialize_spec(hash, zv, PHP_WHIRLPOOL_SPEC)) == SUCCESS
         && ctx->buffer.pos >= 0
-        && ctx->buffer.pos < (int) sizeof(ctx->buffer.data)) {
+        && ctx->buffer.pos < (int) sizeof(ctx->buffer.data)
+        && ctx->buffer.bits >= ctx->buffer.pos * 8
+        && ctx->buffer.bits < ctx->buffer.pos * 8 + 8) {
         return SUCCESS;
     } else {
         return r != SUCCESS ? r : -2000;