More int->size_t and string overflow fixes

author: Stanislav Malyshev <stas@php.net> 2016-11-05 13:20:24 -0700
committer: Stanislav Malyshev <stas@php.net> 2016-11-05 13:22:17 -0700
commit: 669763d88a8bb9707a45f0937a129b63a161d2f0 (patch)
tree: 88a1fc19403a330c9a50e7095ee0a8844445b993 /ext/standard/html.c
parent: d858b4c77fa28ff9b0a597141a58f51803bafc2b (diff)
download: php-git-669763d88a8bb9707a45f0937a129b63a161d2f0.tar.gz
1 files changed, 1 insertions, 5 deletions
diff --git a/ext/standard/html.c b/ext/standard/html.c
index 090b4de4f0..e73afec4db 100644
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -1269,11 +1269,7 @@ PHPAPI zend_string *php_escape_html_entities_ex(unsigned char *old, size_t oldle
 	if (oldlen < 64) {
 		maxlen = 128;
 	} else {
-		maxlen = 2 * oldlen;
-		if (maxlen < oldlen) {
-			zend_error_noreturn(E_ERROR, "Input string is too long");
-			return NULL;
-		}
+		maxlen = zend_safe_addmult(oldlen, 2, 0, "html_entities");
 	}
 
 	replaced = zend_string_alloc(maxlen, 0);
author	Stanislav Malyshev <stas@php.net>	2016-11-05 13:20:24 -0700
committer	Stanislav Malyshev <stas@php.net>	2016-11-05 13:22:17 -0700
commit	669763d88a8bb9707a45f0937a129b63a161d2f0 (patch)
tree	88a1fc19403a330c9a50e7095ee0a8844445b993 /ext/standard/html.c
parent	d858b4c77fa28ff9b0a597141a58f51803bafc2b (diff)
download	php-git-669763d88a8bb9707a45f0937a129b63a161d2f0.tar.gz