Merge branch 'PHP-7.1'

* PHP-7.1: More int->size_t and string overflow fixes
author: Stanislav Malyshev <stas@php.net> 2016-11-05 13:59:56 -0700
committer: Stanislav Malyshev <stas@php.net> 2016-11-05 13:59:56 -0700
commit: bbdd6a65e2c742f97332ecfc820f2ac3e4c816e8 (patch)
tree: 6961d6b9a2fbcb3f5c26061eef5be7007c1e6817 /Zend/zend_multiply.h
parent: 74ce3edbfd2ac5934c0bee85a692584b0173223a (diff)
parent: f7f8aae33cdaf74ca2d360ccf24256d6afd99b39 (diff)
download: php-git-bbdd6a65e2c742f97332ecfc820f2ac3e4c816e8.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/Zend/zend_multiply.h b/Zend/zend_multiply.h
index e7c2470a0f..9790c1faa3 100644
--- a/Zend/zend_multiply.h
+++ b/Zend/zend_multiply.h
@@ -300,6 +300,19 @@ static zend_always_inline size_t zend_safe_address_guarded(size_t nmemb, size_t
 	return ret;
 }
 
+/* A bit more generic version of the same */
+static zend_always_inline size_t zend_safe_addmult(size_t nmemb, size_t size, size_t offset, const char *message)
+{
+	int overflow;
+	size_t ret = zend_safe_address(nmemb, size, offset, &overflow);
+
+	if (UNEXPECTED(overflow)) {
+		zend_error_noreturn(E_ERROR, "Possible integer overflow in %s (%zu * %zu + %zu)", message, nmemb, size, offset);
+		return 0;
+	}
+	return ret;
+}
+
 #endif /* ZEND_MULTIPLY_H */
 
 /*
author	Stanislav Malyshev <stas@php.net>	2016-11-05 13:59:56 -0700
committer	Stanislav Malyshev <stas@php.net>	2016-11-05 13:59:56 -0700
commit	bbdd6a65e2c742f97332ecfc820f2ac3e4c816e8 (patch)
tree	6961d6b9a2fbcb3f5c26061eef5be7007c1e6817 /Zend/zend_multiply.h
parent	74ce3edbfd2ac5934c0bee85a692584b0173223a (diff)
parent	f7f8aae33cdaf74ca2d360ccf24256d6afd99b39 (diff)
download	php-git-bbdd6a65e2c742f97332ecfc820f2ac3e4c816e8.tar.gz