Fixed possible integer overflow in str_repeat().

author: Ilia Alshanetsky <iliaa@php.net> 2003-04-02 00:25:45 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2003-04-02 00:25:45 +0000
commit: aab97182537150dc41406d82a64122966ebed805 (patch)
tree: dd71c7993f5c097892c1c994405b188f85fdc4c0
parent: dcf0c709501a0b04e231f7e87d53d70d5ee58dc8 (diff)
download: php-git-aab97182537150dc41406d82a64122966ebed805.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/ext/standard/string.c b/ext/standard/string.c
index ceafe56811..371a72eb7d 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -3787,6 +3787,10 @@ PHP_FUNCTION(str_repeat)
 	
 	/* Initialize the result string */	
 	result_len = Z_STRLEN_PP(input_str) * Z_LVAL_PP(mult);
+	if (result_len < 1 || result_len > 2147483647) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "You may not create strings longer then 2147483647 bytes");
+		RETURN_FALSE;
+	}
 	result = (char *)emalloc(result_len + 1);
 	
 	/* Heavy optimization for situations where input string is 1 byte long */
author	Ilia Alshanetsky <iliaa@php.net>	2003-04-02 00:25:45 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2003-04-02 00:25:45 +0000
commit	aab97182537150dc41406d82a64122966ebed805 (patch)
tree	dd71c7993f5c097892c1c994405b188f85fdc4c0
parent	dcf0c709501a0b04e231f7e87d53d70d5ee58dc8 (diff)
download	php-git-aab97182537150dc41406d82a64122966ebed805.tar.gz