author | Dmitry Stogov <dmitry@zend.com> | 2019-02-01 11:13:25 +0300 |
---|---|---|
committer | Dmitry Stogov <dmitry@zend.com> | 2019-02-01 11:13:25 +0300 |
commit | d91e3beaa308e32f7d8c31daa1402f30816fb447 (patch) | |
tree | fb8bbf437070b49517864d083e5fcdafec84cab9 /Zend/zend_smart_str.c | |
parent | 340c6d392720f4681a46b58cfe9a002ce5b7e8b6 (diff) | |
parent | 203a2da30ae6722689e3625ac3c787c560a791a9 (diff) | |
download | php-git-d91e3beaa308e32f7d8c31daa1402f30816fb447.tar.gz |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fixed bug #77329 (Buffer Overflow via overly long Error Messages)
Diffstat (limited to 'Zend/zend_smart_str.c')
-rw-r--r-- | Zend/zend_smart_str.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/Zend/zend_smart_str.c b/Zend/zend_smart_str.c
index e16c65ea2e..86cf836d62 100644
--- a/Zend/zend_smart_str.c
+++ b/Zend/zend_smart_str.c
@@ -155,7 +155,12 @@ ZEND_API void ZEND_FASTCALL _smart_string_alloc(smart_string *str, size_t len)
 str->c = emalloc(SMART_STRING_START_LEN + 1);
 } else {
 str->a = ZEND_MM_ALIGNED_SIZE_EX(len + SMART_STRING_OVERHEAD, SMART_STRING_PAGE) - SMART_STRING_OVERHEAD;
- str->c = emalloc_large(str->a + 1);
+ if (EXPECTED(str->a < (ZEND_MM_CHUNK_SIZE - SMART_STRING_OVERHEAD))) {
+ str->c = emalloc_large(str->a + 1);
+ } else {
+ /* allocate a huge chunk */
+ str->c = emalloc(str->a + 1);
+ }
 }
 } else {
 if (UNEXPECTED((size_t) len > SIZE_MAX - str->len)) { |
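Review bot: The new `str->a < (ZEND_MM_CHUNK_SIZE - SMART_STRING_OVERHEAD)` test trusts a `str->a` that the preceding context line derives from `len + SMART_STRING_OVERHEAD` with no visible wrap check, so a `len` close to `SIZE_MAX` would produce a small `str->a`, take the `emalloc_large` path and leave a buffer far shorter than the caller asked for. The reallocation branch at the end of the hunk already rejects `len > SIZE_MAX - str->len`; the first-allocation branch should get a matching guard ahead of the alignment, e.g. `if (UNEXPECTED(len > SIZE_MAX - SMART_STRING_OVERHEAD - SMART_STRING_PAGE))` leading to the same error handling. The function begins above the hunk, so an earlier bound on `len` may already exist and is worth confirming. Separately, `/* allocate a huge chunk */` would help the next maintainer more if it said why the split exists, presumably along the lines of `/* emalloc_large() must not be given a size that does not fit in one chunk; emalloc() selects the huge allocator */`.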