| -rw-r--r-- | ext/ereg/ereg.c | 12 | ||||
| -rw-r--r-- | ext/standard/array.c | 38 | ||||
| -rw-r--r-- | ext/standard/exec.c | 4 | ||||
| -rw-r--r-- | ext/standard/file.c | 6 | ||||
| -rw-r--r-- | ext/standard/filestat.c | 2 | ||||
| -rw-r--r-- | ext/standard/formatted_print.c | 4 | ||||
| -rw-r--r-- | ext/standard/levenshtein.c | 4 | ||||
| -rw-r--r-- | ext/standard/metaphone.c | 4 | ||||
| -rw-r--r-- | ext/standard/pack.c | 6 | ||||
| -rw-r--r-- | ext/standard/reg.c | 12 | ||||
| -rw-r--r-- | ext/standard/scanf.c | 8 | ||||
| -rw-r--r-- | ext/standard/string.c | 16 | ||||
| -rw-r--r-- | ext/standard/url.c | 4 | ||||
| -rw-r--r-- | ext/standard/var.c | 4 | ||||
| -rw-r--r-- | ext/standard/versioning.c | 2 | 
15 files changed, 63 insertions, 63 deletions
|
diff --git a/ext/ereg/ereg.c b/ext/ereg/ereg.c
index eafc99be12..b31c5f7d85 100644
--- a/ext/ereg/ereg.c
+++ b/ext/ereg/ereg.c
@@ -118,7 +118,7 @@ static void php_reg_eprint(int err, regex_t *re) {
 	/* get the length of the message */
 	buf_len = regerror(REG_ITOA | err, re, NULL, 0);
 	if (buf_len) {
-		buf = (char *)emalloc(buf_len * sizeof(char));
+		buf = (char *)safe_emalloc(buf_len, sizeof(char), 0);
 		if (!buf) return; /* fail silently */
 		/* finally, get the error message */
 		regerror(REG_ITOA | err, re, buf, buf_len);
@@ -130,7 +130,7 @@ static void php_reg_eprint(int err, regex_t *re) {
 	if (len) {
 		TSRMLS_FETCH();
-		message = (char *)emalloc((buf_len + len + 2) * sizeof(char));
+		message = (char *)safe_emalloc((buf_len + len + 2), sizeof(char), 0);
 		if (!message) {
 			return; /* fail silently */
 		}
@@ -298,7 +298,7 @@ PHPAPI char *php_reg_replace(const char *pattern, const char *replace, const cha
 	/* start with a buffer that is twice the size of the stringo
 	   we're doing replacements in */
 	buf_len = 2 * string_len + 1;
-	buf = emalloc(buf_len * sizeof(char));
+	buf = safe_emalloc(buf_len, sizeof(char), 0);
 	err = pos = 0;
 	buf[0] = '\0';
@@ -373,7 +373,7 @@ PHPAPI char *php_reg_replace(const char *pattern, const char *replace, const cha
 				new_l = strlen (buf) + 1;
 				if (new_l + 1 > buf_len) {
 					buf_len = 1 + buf_len + 2 * new_l;
-					nbuf = emalloc(buf_len * sizeof(char));
+					nbuf = safe_emalloc(buf_len, sizeof(char), 0);
 					strcpy(nbuf, buf);
 					efree(buf);
 					buf = nbuf;
@@ -388,7 +388,7 @@ PHPAPI char *php_reg_replace(const char *pattern, const char *replace, const cha
 			new_l = strlen(buf) + strlen(&string[pos]);
 			if (new_l + 1 > buf_len) {
 				buf_len = new_l + 1; /* now we know exactly how long it is */
-				nbuf = emalloc(buf_len * sizeof(char));
+				nbuf = safe_emalloc(buf_len, sizeof(char), 0);
 				strcpy(nbuf, buf);
 				efree(buf);
 				buf = nbuf;
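Review bot: In php_reg_replace the multiplication this commit is meant to guard has already happened by the time the allocator is called: `buf_len = 2 * string_len + 1;` is computed in the caller, so `safe_emalloc(buf_len, sizeof(char), 0)` only multiplies the finished value by one. The same pre-computed sizes appear in the two regrowth hunks below it, in the identical ext/standard/reg.c hunks, in fgetss (`(len + 1)`), php_bin2hex (`oldlen * 2`) and php_chunk_split (`srclen + (chunks + 1) * endlen + 1`). Passing the factors separately lets the check cover them, e.g. `buf = safe_emalloc(2, string_len, 1);`, `safe_emalloc(oldlen, 2, 1)` and `safe_emalloc(chunks + 1, endlen, srclen + 1)`. This assumes safe_emalloc rejects an overflowing nmemb * size + offset, which is defined outside this diff; the functions named start and end outside their hunks.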
@@ -607,7 +607,7 @@ PHPAPI PHP_FUNCTION(sql_regcase)
 	}	
 	convert_to_string_ex(string);
-	tmp = emalloc((Z_STRLEN_PP(string) * 4) + 1);
+	tmp = safe_emalloc(Z_STRLEN_PP(string), 4, 1);
 	for (i = j = 0; i < Z_STRLEN_PP(string); i++) {
 		c = (unsigned char) Z_STRVAL_PP(string)[i];
diff --git a/ext/standard/array.c b/ext/standard/array.c
index 0bcbc782e1..335b4d54a2 100644
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -880,7 +880,7 @@ PHP_FUNCTION(min)
 			RETURN_FALSE;
 		}
 	} else {
-		pval ***args = (pval ***) emalloc(sizeof(pval **)*ZEND_NUM_ARGS());
+		pval ***args = (pval ***) safe_emalloc(sizeof(pval **), ZEND_NUM_ARGS(), 0);
 		pval **min, result;
 		int i;
@@ -932,7 +932,7 @@ PHP_FUNCTION(max)
 			RETURN_FALSE;
 		}
 	} else {
-		pval ***args = (pval ***) emalloc(sizeof(pval **)*ZEND_NUM_ARGS());
+		pval ***args = (pval ***) safe_emalloc(sizeof(pval **), ZEND_NUM_ARGS(), 0);
 		pval **max, result;
 		int i;
@@ -1419,7 +1419,7 @@ PHP_FUNCTION(compact)
 	zval ***args;			/* function arguments array */
 	int i;
-	args = (zval ***)emalloc(ZEND_NUM_ARGS() * sizeof(zval **));
+	args = (zval ***)safe_emalloc(ZEND_NUM_ARGS(), sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(ZEND_NUM_ARGS(), args) == FAILURE) {
 		efree(args);
@@ -1643,7 +1643,7 @@ static void array_data_shuffle(zval *array TSRMLS_DC)
 		return;
 	}
-	elems = (Bucket **)emalloc(n_elems * sizeof(Bucket *));
+	elems = (Bucket **)safe_emalloc(n_elems, sizeof(Bucket *), 0);
 	hash = Z_ARRVAL_P(array);
 	n_left = n_elems;
@@ -1818,7 +1818,7 @@ PHP_FUNCTION(array_push)
 	}
 	/* Allocate arguments array and get the arguments, checking for errors. */
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
@@ -1947,7 +1947,7 @@ PHP_FUNCTION(array_unshift)
 	}
 	/* Allocate arguments array and get the arguments, checking for errors. */
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
@@ -1997,7 +1997,7 @@ PHP_FUNCTION(array_splice)
 	}
 	/* Allocate arguments array and get the arguments, checking for errors. */
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
@@ -2026,7 +2026,7 @@ PHP_FUNCTION(array_splice)
 		/* Create the array of replacement elements */
 		repl_num = zend_hash_num_elements(Z_ARRVAL_PP(args[3]));
-		repl = (zval ***)emalloc(repl_num * sizeof(zval **));
+		repl = (zval ***)safe_emalloc(repl_num, sizeof(zval **), 0);
 		for (p=Z_ARRVAL_PP(args[3])->pListHead, i=0; p; p=p->pListNext, i++) {
 			repl[i] = ((zval **)p->pData);
 		}
@@ -2204,7 +2204,7 @@ static void php_array_merge_wrapper(INTERNAL_FUNCTION_PARAMETERS, int recursive)
 	}
 	/* Allocate arguments array and get the arguments, checking for errors. */
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
@@ -2503,7 +2503,7 @@ PHP_FUNCTION(array_pad)
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "You may only pad up to 1048576 elements at a time");
 		RETURN_FALSE;
 	}
-	pads = (zval ***)emalloc(num_pads * sizeof(zval **));
+	pads = (zval ***)safe_emalloc(num_pads, sizeof(zval **), 0);
 	for (i = 0; i < num_pads; i++) {
 		pads[i] = pad_value;
 	}
@@ -2711,14 +2711,14 @@ static void php_array_intersect(INTERNAL_FUNCTION_PARAMETERS, int behavior)
 		WRONG_PARAM_COUNT;
 	}
 	/* Allocate arguments array and get the arguments, checking for errors. */
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
 	}
 	/* for each argument, create and sort list with pointers to the hash buckets */
-	lists = (Bucket ***)emalloc(argc * sizeof(Bucket **));
-	ptrs = (Bucket ***)emalloc(argc * sizeof(Bucket **));
+	lists = (Bucket ***)safe_emalloc(argc, sizeof(Bucket **), 0);
+	ptrs = (Bucket ***)safe_emalloc(argc, sizeof(Bucket **), 0);
 	set_compare_func(SORT_STRING TSRMLS_CC);
 	for (i=0; i<argc; i++) {
 		if (Z_TYPE_PP(args[i]) != IS_ARRAY) {
@@ -2868,14 +2868,14 @@ static void php_array_diff(INTERNAL_FUNCTION_PARAMETERS, int behavior)
 		WRONG_PARAM_COUNT;
 	}
 	/* Allocate arguments array and get the arguments, checking for errors. */
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
 	}
 	/* for each argument, create and sort list with pointers to the hash buckets */
-	lists = (Bucket ***)emalloc(argc * sizeof(Bucket **));
-	ptrs = (Bucket ***)emalloc(argc * sizeof(Bucket **));
+	lists = (Bucket ***)safe_emalloc(argc, sizeof(Bucket **), 0);
+	ptrs = (Bucket ***)safe_emalloc(argc, sizeof(Bucket **), 0);
 	set_compare_func(SORT_STRING TSRMLS_CC);
 	for (i = 0; i < argc; i++) {
 		if (Z_TYPE_PP(args[i]) != IS_ARRAY) {
@@ -3061,7 +3061,7 @@ PHP_FUNCTION(array_multisort)
 	}
 	/* Allocate arguments array and get the arguments, checking for errors. */
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
@@ -3163,9 +3163,9 @@ PHP_FUNCTION(array_multisort)
 	 * of the input arrays + 1. The last column is NULL to indicate the end
 	 * of the row.
 	 */
-	indirect = (Bucket ***)emalloc(array_size * sizeof(Bucket **));
+	indirect = (Bucket ***)safe_emalloc(array_size, sizeof(Bucket **), 0);
 	for (i = 0; i < array_size; i++)
-		indirect[i] = (Bucket **)emalloc((num_arrays+1) * sizeof(Bucket *));
+		indirect[i] = (Bucket **)safe_emalloc((num_arrays+1), sizeof(Bucket *), 0);
 	for (i = 0; i < num_arrays; i++) {
 		k = 0;
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index eda62caf1c..671f6ffd14 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -263,7 +263,7 @@ char *php_escape_shell_cmd(char *str) {
 	char *p = NULL;
 	l = strlen(str);
-	cmd = emalloc(2 * l + 1);
+	cmd = safe_emalloc(2, l, 1);
 	for (x = 0, y = 0; x < l; x++) {
 		switch (str[x]) {
@@ -320,7 +320,7 @@ char *php_escape_shell_arg(char *str) {
 	y = 0;
 	l = strlen(str);
-	cmd = emalloc(4 * l + 3); /* worst case */
+	cmd = safe_emalloc(4, l, 3); /* worst case */
 	cmd[y++] = '\'';
diff --git a/ext/standard/file.c b/ext/standard/file.c
index 6b5c9a30ba..b59c79a802 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -953,7 +953,7 @@ PHPAPI PHP_FUNCTION(fgetc)
 	php_stream_from_zval(stream, arg1);
-	buf = emalloc(2 * sizeof(char));
+	buf = safe_emalloc(2, sizeof(char), 0);
 	result = php_stream_getc(stream);
@@ -1019,7 +1019,7 @@ PHPAPI PHP_FUNCTION(fgetss)
 		}
 		len = (size_t) Z_LVAL_PP(bytes);
-		buf = emalloc(sizeof(char) * (len + 1));
+		buf = safe_emalloc(sizeof(char), (len + 1), 0);
 		/*needed because recv doesnt set null char at end*/
 		memset(buf, 0, len + 1);
 	}
@@ -1055,7 +1055,7 @@ PHP_FUNCTION(fscanf)
 	if (argCount < 2) {
 		WRONG_PARAM_COUNT;
 	}
-	args = (zval ***)emalloc(argCount * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argCount, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argCount, args) == FAILURE) {
 		efree( args );
 		WRONG_PARAM_COUNT;
diff --git a/ext/standard/filestat.c b/ext/standard/filestat.c
index 6f83dc09a3..184bf7c974 100644
--- a/ext/standard/filestat.c
+++ b/ext/standard/filestat.c
@@ -644,7 +644,7 @@ static void php_stat(const char *filename, php_stat_len filename_length, int typ
 			groups = getgroups(0, NULL);
 			if(groups) {
-				gids=(gid_t *)emalloc(groups*sizeof(gid_t));
+				gids=(gid_t *)safe_emalloc(groups, sizeof(gid_t), 0);
 				n=getgroups(groups, gids);
 				for(i=0;i<n;i++){
 					if(BG(sb).st_gid==gids[i]) {
diff --git a/ext/standard/formatted_print.c b/ext/standard/formatted_print.c
index 83594a8400..4d141afc45 100644
--- a/ext/standard/formatted_print.c
+++ b/ext/standard/formatted_print.c
@@ -471,7 +471,7 @@ php_formatted_print(int ht, int *len, int use_array, int format_offset TSRMLS_DC
 			|| (!use_array && argc < (1 + format_offset))) {
 		WRONG_PARAM_COUNT_WITH_RETVAL(NULL);
 	}
-	args = (zval ***)emalloc(argc * sizeof(zval *));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval *), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
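Review bot: In the php_stat hunk, `if(groups)` also passes when `getgroups(0, NULL)` fails and returns -1, so a negative count reaches `safe_emalloc(groups, sizeof(gid_t), 0)` and the second getgroups() call. The guard should be `if (groups > 0) {`. The declared type of `groups` and the release of `gids` are not visible here, and php_stat starts and ends outside the hunk.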
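Review bot: The element size passed for `args` in php_formatted_print is `sizeof(zval *)`, but `args` is a `zval ***`, so each element is a `zval **`. The two pointer sizes coincide on common platforms, so the allocation is large enough, but it reads as a mistake next to the other call sites in this commit. I would write `args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);` and make the same change for `newargs` in the following hunk. The function starts and ends outside both hunks.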
@@ -490,7 +490,7 @@ php_formatted_print(int ht, int *len, int use_array, int format_offset TSRMLS_DC
 		convert_to_array_ex(array);
 		argc = 1 + zend_hash_num_elements(Z_ARRVAL_PP(array));
-		newargs = (zval ***)emalloc(argc * sizeof(zval *));
+		newargs = (zval ***)safe_emalloc(argc, sizeof(zval *), 0);
 		newargs[0] = z_format;
 		for (zend_hash_internal_pointer_reset(Z_ARRVAL_PP(array));
diff --git a/ext/standard/levenshtein.c b/ext/standard/levenshtein.c
index 1d447ef745..bf99059b7f 100644
--- a/ext/standard/levenshtein.c
+++ b/ext/standard/levenshtein.c
@@ -40,10 +40,10 @@ static int reference_levdist(const char *s1, int l1,
 	if((l1>LEVENSHTEIN_MAX_LENTH)||(l2>LEVENSHTEIN_MAX_LENTH))
 		return -1;
-	if(!(p1=emalloc((l2+1)*sizeof(int)))) {
+	if(!(p1=safe_emalloc((l2+1), sizeof(int), 0))) {
 		return -2;
 	}
-	if(!(p2=emalloc((l2+1)*sizeof(int)))) {
+	if(!(p2=safe_emalloc((l2+1), sizeof(int), 0))) {
 		free(p1);
 		return -2;
 	}
diff --git a/ext/standard/metaphone.c b/ext/standard/metaphone.c
index db985c282e..829164350e 100644
--- a/ext/standard/metaphone.c
+++ b/ext/standard/metaphone.c
@@ -183,10 +183,10 @@ static int metaphone(char *word, int word_len, int max_phonemes, char **phoned_w
 /*-- Allocate memory for our phoned_phrase --*/
 	if (max_phonemes == 0) {	/* Assume largest possible */
 		max_buffer_len = word_len;
-		*phoned_word = emalloc(sizeof(char) * word_len + 1);
+		*phoned_word = safe_emalloc(sizeof(char), word_len, 1);
 	} else {
 		max_buffer_len = max_phonemes;
-		*phoned_word = emalloc(sizeof(char) * max_phonemes + 1);
+		*phoned_word = safe_emalloc(sizeof(char), max_phonemes, 1);
 	}
diff --git a/ext/standard/pack.c b/ext/standard/pack.c
index 8a5a97678a..5678ecbbf8 100644
--- a/ext/standard/pack.c
+++ b/ext/standard/pack.c
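Review bot: In reference_levdist the failure path of the second allocation calls `free(p1)` on memory obtained from `safe_emalloc`, mixing libc's allocator with the Zend one. It should be `efree(p1);`. If the emalloc family bails out on failure instead of returning NULL, as I believe it does, both `if(!(...))` checks are dead code and the `return -2` paths can go. The function starts and ends outside the hunk.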
@@ -120,7 +120,7 @@ PHP_FUNCTION(pack)
 		WRONG_PARAM_COUNT;
 	}
-	argv = emalloc(argc * sizeof(zval **));
+	argv = safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, argv) == FAILURE) {
 		efree(argv);
@@ -132,8 +132,8 @@ PHP_FUNCTION(pack)
 	formatlen = Z_STRLEN_PP(argv[0]);
 	/* We have a maximum of <formatlen> format codes to deal with */
-	formatcodes = emalloc(formatlen * sizeof(*formatcodes));
-	formatargs = emalloc(formatlen * sizeof(*formatargs));
+	formatcodes = safe_emalloc(formatlen, sizeof(*formatcodes), 0);
+	formatargs = safe_emalloc(formatlen, sizeof(*formatargs), 0);
 	currentarg = 1;
 	/* Preprocess format into formatcodes and formatargs */
diff --git a/ext/standard/reg.c b/ext/standard/reg.c
index eafc99be12..b31c5f7d85 100644
--- a/ext/standard/reg.c
+++ b/ext/standard/reg.c
@@ -118,7 +118,7 @@ static void php_reg_eprint(int err, regex_t *re) {
 	/* get the length of the message */
 	buf_len = regerror(REG_ITOA | err, re, NULL, 0);
 	if (buf_len) {
-		buf = (char *)emalloc(buf_len * sizeof(char));
+		buf = (char *)safe_emalloc(buf_len, sizeof(char), 0);
 		if (!buf) return; /* fail silently */
 		/* finally, get the error message */
 		regerror(REG_ITOA | err, re, buf, buf_len);
@@ -130,7 +130,7 @@ static void php_reg_eprint(int err, regex_t *re) {
 	if (len) {
 		TSRMLS_FETCH();
-		message = (char *)emalloc((buf_len + len + 2) * sizeof(char));
+		message = (char *)safe_emalloc((buf_len + len + 2), sizeof(char), 0);
 		if (!message) {
 			return; /* fail silently */
 		}
@@ -298,7 +298,7 @@ PHPAPI char *php_reg_replace(const char *pattern, const char *replace, const cha
 	/* start with a buffer that is twice the size of the stringo
 	   we're doing replacements in */
 	buf_len = 2 * string_len + 1;
-	buf = emalloc(buf_len * sizeof(char));
+	buf = safe_emalloc(buf_len, sizeof(char), 0);
 	err = pos = 0;
 	buf[0] = '\0';
@@ -373,7 +373,7 @@ PHPAPI char *php_reg_replace(const char *pattern, const char *replace, const cha
 				new_l = strlen (buf) + 1;
 				if (new_l + 1 > buf_len) {
 					buf_len = 1 + buf_len + 2 * new_l;
-					nbuf = emalloc(buf_len * sizeof(char));
+					nbuf = safe_emalloc(buf_len, sizeof(char), 0);
 					strcpy(nbuf, buf);
 					efree(buf);
 					buf = nbuf;
@@ -388,7 +388,7 @@ PHPAPI char *php_reg_replace(const char *pattern, const char *replace, const cha
 			new_l = strlen(buf) + strlen(&string[pos]);
 			if (new_l + 1 > buf_len) {
 				buf_len = new_l + 1; /* now we know exactly how long it is */
-				nbuf = emalloc(buf_len * sizeof(char));
+				nbuf = safe_emalloc(buf_len, sizeof(char), 0);
 				strcpy(nbuf, buf);
 				efree(buf);
 				buf = nbuf;
@@ -607,7 +607,7 @@ PHPAPI PHP_FUNCTION(sql_regcase)
 	}	
 	convert_to_string_ex(string);
-	tmp = emalloc((Z_STRLEN_PP(string) * 4) + 1);
+	tmp = safe_emalloc(Z_STRLEN_PP(string), 4, 1);
 	for (i = j = 0; i < Z_STRLEN_PP(string); i++) {
 		c = (unsigned char) Z_STRVAL_PP(string)[i];
diff --git a/ext/standard/scanf.c b/ext/standard/scanf.c
index a30f267135..832272134e 100644
--- a/ext/standard/scanf.c
+++ b/ext/standard/scanf.c
@@ -175,9 +175,9 @@ static char * BuildCharSet(CharSet *cset, char *format)
 		ch = end++;
 	}
-	cset->chars = (char *) emalloc(sizeof(char) * (end - format - 1));
+	cset->chars = (char *) safe_emalloc(sizeof(char), (end - format - 1), 0);
 	if (nranges > 0) {
-		cset->ranges = (struct Range *) emalloc(sizeof(struct Range)*nranges);
+		cset->ranges = (struct Range *) safe_emalloc(sizeof(struct Range), nranges, 0);
 	} else {
 		cset->ranges = NULL;
 	}
@@ -337,7 +337,7 @@ PHPAPI int ValidateFormat(char *format, int numVars, int *totalSubs)
 	 */
 	if (numVars > nspace) {
-		nassign = (int*)emalloc(sizeof(int) * numVars);
+		nassign = (int*)safe_emalloc(sizeof(int), numVars, 0);
 		nspace = numVars;
 	}
 	for (i = 0; i < nspace; i++) {
@@ -513,7 +513,7 @@ PHPAPI int ValidateFormat(char *format, int numVars, int *totalSubs)
 					nspace += STATIC_LIST_SIZE;
 				}
 				if (nassign == staticAssign) {
-					nassign = (void *)emalloc(nspace * sizeof(int));
+					nassign = (void *)safe_emalloc(nspace, sizeof(int), 0);
 					for (i = 0; i < STATIC_LIST_SIZE; ++i) {
 						nassign[i] = staticAssign[i];
 					}
diff --git a/ext/standard/string.c b/ext/standard/string.c
index c8fc17afef..ae1f71c364 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -118,7 +118,7 @@ static char *php_bin2hex(const unsigned char *old, const size_t oldlen, size_t *
 	register unsigned char *result = NULL;
 	size_t i, j;
-	result = (char *) emalloc(oldlen * 2 * sizeof(char) + 1);
+	result = (char *) safe_emalloc(oldlen * 2, sizeof(char), 1);
 	for (i = j = 0; i < oldlen; i++) {
 		result[j++] = hexconvtab[old[i] >> 4];
@@ -1707,7 +1707,7 @@ static char *php_chunk_split(char *src, int srclen, char *end, int endlen, int c
 	chunks = srclen / chunklen;
 	restlen = srclen - chunks * chunklen; /* srclen % chunklen */
-	dest = emalloc((srclen + (chunks + 1) * endlen + 1) * sizeof(char));
+	dest = safe_emalloc((srclen + (chunks + 1) * endlen + 1), sizeof(char), 0);
 	for (p = src, q = dest; p < (src + srclen - chunklen + 1); ) {
 		memcpy(q, p, chunklen);
@@ -2100,7 +2100,7 @@ PHP_FUNCTION(quotemeta)
 		RETURN_FALSE;
 	}
-	str = emalloc(2 * Z_STRLEN_PP(arg) + 1);
+	str = safe_emalloc(2, Z_STRLEN_PP(arg), 1);
 	for (p = old, q = str; p != old_end; p++) {
 		c = *p;
@@ -2727,7 +2727,7 @@ PHPAPI void php_stripcslashes(char *str, int *len)
 PHPAPI char *php_addcslashes(char *str, int length, int *new_length, int should_free, char *what, int wlength TSRMLS_DC)
 {
 	char flags[256];
-	char *new_str = emalloc((length?length:(length=strlen(str)))*4+1); 
+	char *new_str = safe_emalloc(4, (length?length:(length=strlen(str))), 1);
 	char *source, *target;
 	char *end;
 	char c;
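Review bot: The size argument in php_addcslashes still carries a side effect, `(length?length:(length=strlen(str)))`, buried inside the allocator call. If safe_emalloc is, or later becomes, a macro that mentions an argument more than once, the assignment and the strlen() are evaluated repeatedly. Resolving the length first with `if (!length) length = strlen(str);` and then calling `safe_emalloc(4, length, 1)` keeps the call free of side effects; in php_addcslashes that means moving the allocation out of the declaration and below the other locals. php_addslashes in the next hunk uses the same construct, and both function bodies continue outside their hunks.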
@@ -2795,7 +2795,7 @@ PHPAPI char *php_addslashes(char *str, int length, int *new_length, int should_f
 		*new_length = 0;
 		return str;
 	}
-	new_str = (char *) emalloc((length ? length : (length = strlen(str))) * 2 + 1);
+	new_str = (char *) safe_emalloc(2, (length ? length : (length = strlen(str))), 1);
 	source = str;
 	end = source + length;
 	target = new_str;
@@ -2948,7 +2948,7 @@ PHPAPI char *php_str_to_str_ex(char *haystack, int length,
 			if (str_len < needle_len) {
 				new_str = emalloc(length + 1);
 			} else {
-				new_str = emalloc((length / needle_len + 1) * str_len);
+				new_str = safe_emalloc((length / needle_len + 1), str_len, 0);
 			}
 			e = s = new_str;
@@ -3553,7 +3553,7 @@ PHP_FUNCTION(strip_tags)
    Set locale information */
 PHP_FUNCTION(setlocale)
 {
-	pval ***args = (pval ***) emalloc(sizeof(pval **)*ZEND_NUM_ARGS());
+	pval ***args = (pval ***) safe_emalloc(sizeof(pval **), ZEND_NUM_ARGS(), 0);
 	zval **pcategory, **plocale;
 	int i, cat, n_args=ZEND_NUM_ARGS();
 	char *loc, *retval;
@@ -4409,7 +4409,7 @@ PHP_FUNCTION(sscanf)
 		WRONG_PARAM_COUNT;
 	}
-	args = (zval ***) emalloc(argc * sizeof(zval **));
+	args = (zval ***) safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
diff --git a/ext/standard/url.c b/ext/standard/url.c
index 541530c074..3da9f66d94 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -369,7 +369,7 @@ PHPAPI char *php_url_encode(char *s, int len, int *new_length)
 	from = s;
 	end = s + len;
-	start = to = (unsigned char *) emalloc(3 * len + 1);
+	start = to = (unsigned char *) safe_emalloc(3, len, 1);
 	while (from < end) {
 		c = *from++;
@@ -476,7 +476,7 @@ PHPAPI char *php_raw_url_encode(char *s, int len, int *new_length)
 	register int x, y;
 	unsigned char *str;
-	str = (unsigned char *) emalloc(3 * len + 1);
+	str = (unsigned char *) safe_emalloc(3, len, 1);
 	for (x = 0, y = 0; len--; x++, y++) {
 		str[y] = (unsigned char) s[x];
 #ifndef CHARSET_EBCDIC
diff --git a/ext/standard/var.c b/ext/standard/var.c
index eac33b05d3..a2fcdb4755 100644
--- a/ext/standard/var.c
+++ b/ext/standard/var.c
@@ -141,7 +141,7 @@ PHP_FUNCTION(var_dump)
 	argc = ZEND_NUM_ARGS();
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (ZEND_NUM_ARGS() == 0 || zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
@@ -245,7 +245,7 @@ PHP_FUNCTION(debug_zval_dump)
 	argc = ZEND_NUM_ARGS();
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (ZEND_NUM_ARGS() == 0 || zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
diff --git a/ext/standard/versioning.c b/ext/standard/versioning.c
index 6a259dc035..70c04dab05 100644
--- a/ext/standard/versioning.c
+++ b/ext/standard/versioning.c
@@ -34,7 +34,7 @@ PHPAPI char *
 php_canonicalize_version(const char *version)
 {
     int len = strlen(version);
-    char *buf = emalloc(len * 2 + 1), *q, lp, lq;
+    char *buf = safe_emalloc(len, 2, 1), *q, lp, lq;
     const char *p;
     if (len == 0) { |
