Merge branch 'PHP-7.0.4' into PHP-7.0

* PHP-7.0.4: Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request() Fix bug #71637: Multiple Heap Overflow due to integer overflows set versions Conflicts: configure.in main/php_version.h
author: Stanislav Malyshev <stas@php.net> 2016-03-01 22:22:47 -0800
committer: Stanislav Malyshev <stas@php.net> 2016-03-01 22:22:47 -0800
commit: 6f8585fc7de0e26f9c447269fb26f5a112f15d67 (patch)
tree: 25114b6ddcc094b70a432de137080bec1840c272 /ext/xml/xml.c
parent: 3fb566f47531a232544cb5d1361f15f26e0ca02c (diff)
parent: eaf4e77190d402ea014207e9a7d5da1a4f3727ba (diff)
download: php-git-6f8585fc7de0e26f9c447269fb26f5a112f15d67.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/xml/xml.c b/ext/xml/xml.c
index d6eae46583..bfa1b85b99 100644
--- a/ext/xml/xml.c
+++ b/ext/xml/xml.c
@@ -581,7 +581,7 @@ PHP_XML_API zend_string *xml_utf8_encode(const char *s, size_t len, const XML_Ch
 	}
 	/* This is the theoretical max (will never get beyond len * 2 as long
 	 * as we are converting from single-byte characters, though) */
-	str = zend_string_alloc(len * 4, 0);
+	str = zend_string_safe_alloc(len, 4, 0, 0);
 	ZSTR_LEN(str) = 0;
 	while (pos > 0) {
 		c = encoder ? encoder((unsigned char)(*s)) : (unsigned short)(*s);
author	Stanislav Malyshev <stas@php.net>	2016-03-01 22:22:47 -0800
committer	Stanislav Malyshev <stas@php.net>	2016-03-01 22:22:47 -0800
commit	6f8585fc7de0e26f9c447269fb26f5a112f15d67 (patch)
tree	25114b6ddcc094b70a432de137080bec1840c272 /ext/xml/xml.c
parent	3fb566f47531a232544cb5d1361f15f26e0ca02c (diff)
parent	eaf4e77190d402ea014207e9a7d5da1a4f3727ba (diff)
download	php-git-6f8585fc7de0e26f9c447269fb26f5a112f15d67.tar.gz