| author | Sascha Schumann <sas@php.net> | 2003-04-24 03:35:06 +0000 |
|---|---|---|
| committer | Sascha Schumann <sas@php.net> | 2003-04-24 03:35:06 +0000 |
| commit | 04d2905fb55f9bb1c32ce2ed110f50a37b35c5a2 (patch) | |
| tree | 5d300157e49eddefa7e93d86ea76bd308781908e /Zend/zend_alloc.c | |
| parent | d2833dc9c2b65ee86e59ed9b95869dbd89b77e8d (diff) | |
add safe_emalloc
Diffstat (limited to 'Zend/zend_alloc.c')
| -rw-r--r-- | Zend/zend_alloc.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c
index 48eb22b3cd..9df3fe7888 100644
--- a/Zend/zend_alloc.c
+++ b/Zend/zend_alloc.c
@@ -206,6 +206,34 @@ ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 return (void *)((char *)p + sizeof(zend_mem_header) + MEM_HEADER_PADDING);
 }
+#include "zend_multiply.h"
+
+ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
+{
+
+ if (nmemb < LONG_MAX
+ && size < LONG_MAX
+ && offset < LONG_MAX
+ && nmemb >= 0
+ && size >= 0
+ && offset >= 0) {
+ long lval;
+ double dval;
+ int use_dval;
+
+ ZEND_SIGNED_MULTIPLY_LONG(nmemb, size, lval, dval, use_dval);
+
+ if (!use_dval
+ && lval < LONG_MAX - offset) {
+ return emalloc_rel(lval + offset);
+ }
+ }
+
+ zend_error(E_ERROR, "Possible integer overflow in memory allocation (%ld * %ld + %ld)", nmemb, size, offset);
+ return 0;
+}
+
+
 ZEND_API void _efree(void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 { |
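Review bot: The three `>= 0` tests in the guard of `_safe_emalloc` can never be false, because `nmemb`, `size` and `offset` are declared `size_t`. A negative count from a caller has already wrapped to a huge unsigned value by the time it arrives, so only the `< LONG_MAX` tests reject it. I would drop the dead comparisons and record the real invariant in a comment such as `/* size_t is unsigned: negative caller values arrive as huge values and fail the LONG_MAX bound */`. The `zend_error` call also passes those `size_t` arguments to `%ld`, which mismatches wherever `size_t` and `long` differ in width, so the overflow diagnostic may print wrong numbers. Casting each one, e.g. `(unsigned long) nmemb` with `%lu`, would keep format and arguments in agreement, assuming zend_error's formatter accepts `%lu`, which is not visible here.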
