diff options
| author | Xinchen Hui <laruence@gmail.com> | 2016-08-17 17:14:30 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@gmail.com> | 2016-08-17 17:14:30 +0800 |
| commit | ce6ad9bdd96dd3702ef248e5e364400402620dbc (patch) | |
| tree | e4568a0b9239c67999fccb6f75f935a37419f5c7 /ext/standard/php_smart_string.h | |
| parent | e47773b6266a8bb6d39af7f3ed5630c4698c2f76 (diff) | |
| parent | 1dab8e07f2e14221f534202e7d0c03600b3259eb (diff) | |
| download | php-git-ce6ad9bdd96dd3702ef248e5e364400402620dbc.tar.gz | |
Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0: (48 commits)
Update NEWs
Unused label
Fixed bug #72853 (stream_set_blocking doesn't work)
fix test
Bug #72663 - part 3
Bug #72663 - part 2
Bug #72663 - part 1
Update NEWS
BLock test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
...
Conflicts:
ext/standard/var_unserializer.c
Diffstat (limited to 'ext/standard/php_smart_string.h')
| -rw-r--r-- | ext/standard/php_smart_string.h | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/ext/standard/php_smart_string.h b/ext/standard/php_smart_string.h index 58c319a5a5..7038cff9bb 100644 --- a/ext/standard/php_smart_string.h +++ b/ext/standard/php_smart_string.h @@ -52,19 +52,22 @@ #define SMART_STRING_DO_REALLOC(d, what) \ (d)->c = SMART_STRING_REALLOC((d)->c, (d)->a + 1, (what)) -#define smart_string_alloc4(d, n, what, newlen) do { \ +#define smart_string_alloc4(d, n, what, newlen) do { \ if (!(d)->c) { \ (d)->len = 0; \ newlen = (n); \ - (d)->a = newlen < SMART_STRING_START_SIZE \ - ? SMART_STRING_START_SIZE \ - : newlen + SMART_STRING_PREALLOC; \ - SMART_STRING_DO_REALLOC(d, what); \ + (d)->a = newlen < SMART_STRING_START_SIZE \ + ? SMART_STRING_START_SIZE \ + : newlen + SMART_STRING_PREALLOC; \ + SMART_STRING_DO_REALLOC(d, what); \ } else { \ + if(UNEXPECTED(n > SIZE_MAX - (d)->len)) { \ + zend_error(E_ERROR, "String size overflow"); \ + } \ newlen = (d)->len + (n); \ if (newlen >= (d)->a) { \ - (d)->a = newlen + SMART_STRING_PREALLOC; \ - SMART_STRING_DO_REALLOC(d, what); \ + (d)->a = newlen + SMART_STRING_PREALLOC; \ + SMART_STRING_DO_REALLOC(d, what); \ } \ } \ } while (0) |