diff options
| author | Stanislav Malyshev <stas@php.net> | 2007-02-16 18:06:28 +0000 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2007-02-16 18:06:28 +0000 |
| commit | 4274449a02f6ad1c0f2a36f85e783c763541d1e8 (patch) | |
| tree | f64c5423fd6e8b3674f955ec51aa6267388d4a65 /Zend/zend_alloc.c | |
| parent | a3493bd3decf624fceba789078f7fd4f48dd3154 (diff) | |
| download | php-git-4274449a02f6ad1c0f2a36f85e783c763541d1e8.tar.gz | |
add safe_realloc
Diffstat (limited to 'Zend/zend_alloc.c')
| -rw-r--r-- | Zend/zend_alloc.c | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c index 10aa388448..ca5e84a8af 100644 --- a/Zend/zend_alloc.c +++ b/Zend/zend_alloc.c @@ -1520,6 +1520,7 @@ static void _zend_mm_free_int(zend_mm_heap *heap, void *p ZEND_FILE_LINE_DC ZEND if (!ZEND_MM_VALID_PTR(p)) { return; } + mm_block = ZEND_MM_HEADER_OF(p); size = ZEND_MM_BLOCK_SIZE(mm_block); ZEND_MM_CHECK_PROTECTION(mm_block); @@ -1947,6 +1948,57 @@ ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset) return 0; } +ZEND_API void *_safe_erealloc(void *ptr, size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) +{ + + if (nmemb < LONG_MAX + && size < LONG_MAX + && offset < LONG_MAX + && nmemb >= 0 + && size >= 0 + && offset >= 0) { + long lval; + double dval; + int use_dval; + + ZEND_SIGNED_MULTIPLY_LONG(nmemb, size, lval, dval, use_dval); + + if (!use_dval + && lval < (long) (LONG_MAX - offset)) { + return erealloc_rel(ptr, lval + offset); + } + } + + zend_error(E_ERROR, "Possible integer overflow in memory allocation (%zd * %zd + %zd)", nmemb, size, offset); + return 0; +} + +ZEND_API void *_safe_realloc(void *ptr, size_t nmemb, size_t size, size_t offset) +{ + + if (nmemb < LONG_MAX + && size < LONG_MAX + && offset < LONG_MAX + && nmemb >= 0 + && size >= 0 + && offset >= 0) { + long lval; + double dval; + int use_dval; + + ZEND_SIGNED_MULTIPLY_LONG(nmemb, size, lval, dval, use_dval); + + if (!use_dval + && lval < (long) (LONG_MAX - offset)) { + return perealloc(ptr, lval + offset, 1); + } + } + + zend_error(E_ERROR, "Possible integer overflow in memory allocation (%zd * %zd + %zd)", nmemb, size, offset); + return 0; +} + + ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) { void *p; |