diff options
author | Stanislav Malyshev <stas@php.net> | 2016-11-05 13:59:56 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2016-11-05 13:59:56 -0700 |
commit | bbdd6a65e2c742f97332ecfc820f2ac3e4c816e8 (patch) | |
tree | 6961d6b9a2fbcb3f5c26061eef5be7007c1e6817 /Zend/zend_multiply.h | |
parent | 74ce3edbfd2ac5934c0bee85a692584b0173223a (diff) | |
parent | f7f8aae33cdaf74ca2d360ccf24256d6afd99b39 (diff) | |
download | php-git-bbdd6a65e2c742f97332ecfc820f2ac3e4c816e8.tar.gz |
Merge branch 'PHP-7.1'
* PHP-7.1:
More int->size_t and string overflow fixes
Diffstat (limited to 'Zend/zend_multiply.h')
-rw-r--r-- | Zend/zend_multiply.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/Zend/zend_multiply.h b/Zend/zend_multiply.h index e7c2470a0f..9790c1faa3 100644 --- a/Zend/zend_multiply.h +++ b/Zend/zend_multiply.h @@ -300,6 +300,19 @@ static zend_always_inline size_t zend_safe_address_guarded(size_t nmemb, size_t return ret; } +/* A bit more generic version of the same */ +static zend_always_inline size_t zend_safe_addmult(size_t nmemb, size_t size, size_t offset, const char *message) +{ + int overflow; + size_t ret = zend_safe_address(nmemb, size, offset, &overflow); + + if (UNEXPECTED(overflow)) { + zend_error_noreturn(E_ERROR, "Possible integer overflow in %s (%zu * %zu + %zu)", message, nmemb, size, offset); + return 0; + } + return ret; +} + #endif /* ZEND_MULTIPLY_H */ /* |