author | Pierre Joye <pajoye@php.net> | 2011-09-26 08:36:33 +0000 |
---|---|---|
committer | Pierre Joye <pajoye@php.net> | 2011-09-26 08:36:33 +0000 |
commit | 60bf324ed5fafbba9c307b167bdfda96614f1637 (patch) | |
tree | 3f35f4302599d97ed174fd20d2c80be782f4bc7e | |
parent | f50f54a6ea4d8f4be7204acfee66aae047b61ede (diff) | |
- Fix bug #55622, better fix for this issue, old fix can break if sizeof(size_t) > sizeof(int) like on sparc
-rw-r--r-- | ext/standard/basic_functions.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index d06c0c676a..3f30aef521 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -3989,7 +3989,13 @@ PHP_FUNCTION(getenv)
 ptr = emalloc(size);
 size = GetEnvironmentVariableA(str, ptr, size);
- RETURN_STRING(ptr, 0);
+ if (size == 0) {
+ /* has been removed between the two calls */
+ efree(ptr);
+ RETURN_EMPTY_STRING();
+ } else {
+ RETURN_STRING(ptr, 0);
+ }
 }
 #else
 /* system method returns a const */
@@ -5930,7 +5936,7 @@ PHP_FUNCTION(parse_ini_file)
 PHP_FUNCTION(parse_ini_string)
 {
 char *string = NULL, *str = NULL;
- size_t str_len = 0;
+ int str_len = 0;
 zend_bool process_sections = 0;
 long scanner_mode = ZEND_INI_SCANNER_NORMAL;
 zend_ini_parser_cb_t ini_parser_cb;
@@ -5939,6 +5945,10 @@ PHP_FUNCTION(parse_ini_string)
 RETURN_FALSE;
 }
+ if (INT_MAX - str_len < ZEND_MMAP_AHEAD) {
+ RETVAL_FALSE;
+ }
+
 /* Set callback function */
 if (process_sections) {
 BG(active_ini_file_section) = NULL; |
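Review bot: The new `size == 0` branch in the getenv hunk covers the variable being removed between the two GetEnvironmentVariableA calls, but not the variable growing in that window. When the buffer is too small the API returns the required size and leaves the buffer contents undefined, so `RETURN_STRING(ptr, 0)` in the else branch would take the length of a buffer that may not be terminated. Because `size` is overwritten by the second call, the allocated length is no longer available for comparison; storing the result separately allows it, e.g. `ret = GetEnvironmentVariableA(str, ptr, size);` then `if (ret == 0 || ret >= size) { efree(ptr); RETURN_EMPTY_STRING(); }`. The first call and the declaration of `size` lie outside the hunk, so the type for `ret` should be taken from there.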
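Review bot: The overflow guard added to parse_ini_string uses `RETVAL_FALSE;`, which only sets the return value and does not leave the function, so execution continues into the callback setup and the parsing below even when `INT_MAX - str_len < ZEND_MMAP_AHEAD` holds. The failure path just above it in the same hunk uses `RETURN_FALSE;`, and the guard should match: `if (INT_MAX - str_len < ZEND_MMAP_AHEAD) { RETURN_FALSE; }`. As written, the check gives no protection against the length sum wrapping, presumably `str_len + ZEND_MMAP_AHEAD` in an allocation further down, which is outside the hunk. A short comment such as `/* str_len + ZEND_MMAP_AHEAD must fit in an int */` would also tie the guard to the `int str_len` change in the previous hunk.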