diff options
author | Stanislav Malyshev <stas@php.net> | 2016-10-03 00:09:02 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2016-10-03 00:09:02 -0700 |
commit | 40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6 (patch) | |
tree | 19da589c716aaa5133d2572530c0eeca0ea680e5 /ext/bcmath/libbcmath | |
parent | da7e89cde880c66887caacd0a3eae7ecdacf9b2a (diff) | |
download | php-git-40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6.tar.gz |
Fix bug #73190: memcpy negative parameter _bc_new_num_ex
Diffstat (limited to 'ext/bcmath/libbcmath')
-rw-r--r-- | ext/bcmath/libbcmath/src/init.c | 5 | ||||
-rw-r--r-- | ext/bcmath/libbcmath/src/outofmem.c | 3 |
2 files changed, 5 insertions, 3 deletions
diff --git a/ext/bcmath/libbcmath/src/init.c b/ext/bcmath/libbcmath/src/init.c index 986ad1df24..c51133be73 100644 --- a/ext/bcmath/libbcmath/src/init.c +++ b/ext/bcmath/libbcmath/src/init.c @@ -49,7 +49,10 @@ _bc_new_num_ex (length, scale, persistent) int length, scale, persistent; { bc_num temp; - + /* PHP Change: add length check */ + if ((size_t)length+(size_t)scale > INT_MAX) { + zend_error(E_ERROR, "Result too long, max is %d", INT_MAX); + } /* PHP Change: malloc() -> pemalloc(), removed free_list code */ temp = (bc_num) safe_pemalloc (1, sizeof(bc_struct)+length, scale, persistent); #if 0 diff --git a/ext/bcmath/libbcmath/src/outofmem.c b/ext/bcmath/libbcmath/src/outofmem.c index 799a32d2ae..05fa484e11 100644 --- a/ext/bcmath/libbcmath/src/outofmem.c +++ b/ext/bcmath/libbcmath/src/outofmem.c @@ -41,6 +41,5 @@ void bc_out_of_memory (void) { - (void) fprintf (stderr, "bcmath: out of memory!\n"); - exit (1); + zend_error_noreturn(E_ERROR, "bcmath: out of memory!"); } |