diff options
| author | Nikita Popov <nikic@php.net> | 2012-07-05 20:14:49 +0200 |
|---|---|---|
| committer | Nikita Popov <nikic@php.net> | 2012-07-05 20:14:49 +0200 |
| commit | 88f46b162b3bf9bc9a7a1d3d7280f702f5b9f501 (patch) | |
| tree | 8e306e3fb4e192c7d499d9d2e5542cf0e3c1c560 | |
| parent | 6b2b1952671c74056c3335ded8342a94d5df931f (diff) | |
| download | php-git-88f46b162b3bf9bc9a7a1d3d7280f702f5b9f501.tar.gz | |
Fix potential integer overflow in bin2hex
The code was already using safe_emalloc but did the multiplication in
the first argument, thus making the use of safe_emalloc pretty useless.
The *2 is now moved to the second argument.
| -rw-r--r-- | ext/standard/string.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/standard/string.c b/ext/standard/string.c index e3fc27e7e2..a521d78261 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -131,7 +131,7 @@ static char *php_bin2hex(const unsigned char *old, const size_t oldlen, size_t * register unsigned char *result = NULL; size_t i, j; - result = (unsigned char *) safe_emalloc(oldlen * 2, sizeof(char), 1); + result = (unsigned char *) safe_emalloc(oldlen, 2 * sizeof(char), 1); for (i = j = 0; i < oldlen; i++) { result[j++] = hexconvtab[old[i] >> 4]; |