author | Stanislav Malyshev <stas@php.net> | 2016-11-05 13:20:24 -0700 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2016-11-05 13:22:17 -0700 |
commit | 669763d88a8bb9707a45f0937a129b63a161d2f0 (patch) | |
tree | 88a1fc19403a330c9a50e7095ee0a8844445b993 /ext/standard/html.c | |
parent | d858b4c77fa28ff9b0a597141a58f51803bafc2b (diff) | |
More int->size_t and string overflow fixes
Diffstat (limited to 'ext/standard/html.c')
-rw-r--r-- | ext/standard/html.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/ext/standard/html.c b/ext/standard/html.c
index 090b4de4f0..e73afec4db 100644
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -1269,11 +1269,7 @@ PHPAPI zend_string *php_escape_html_entities_ex(unsigned char *old, size_t oldle
 if (oldlen < 64) {
 maxlen = 128;
 } else {
- maxlen = 2 * oldlen;
- if (maxlen < oldlen) {
- zend_error_noreturn(E_ERROR, "Input string is too long");
- return NULL;
- }
+ maxlen = zend_safe_addmult(oldlen, 2, 0, "html_entities");
 }
 replaced = zend_string_alloc(maxlen, 0);
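Review bot: The checked multiply in the else branch only establishes that `2 * oldlen` fits in a `size_t`, because its offset argument is 0, while the `zend_string_alloc(maxlen, 0)` call on the last line presumably adds the string header and terminator to that value inside the allocator (its body is not in this hunk). If so, a product just below `SIZE_MAX` could still wrap during allocation. Sizing the buffer through the checked allocator in that branch, for example `replaced = zend_string_safe_alloc(oldlen, 2, 0, 0);`, would cover the overhead as well. php_escape_html_entities_ex continues outside the hunk, so any later growth of `replaced` should be confirmed to use the same checked arithmetic. The label `"html_entities"` will also appear in the error for every caller of this function, so a one-line comment above the call such as `/* initial size guess is 2x the input; bail out on size_t overflow */` would help the next reader.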