Diffstat (limited to 'ext/intl')
-rw-r--r--ext/intl/intl_convert.c2
-rw-r--r--ext/intl/locale/locale_methods.c7
-rw-r--r--ext/intl/msgformat/msgformat_data.c2
3 files changed, 9 insertions, 2 deletions
diff --git a/ext/intl/intl_convert.c b/ext/intl/intl_convert.c
index 2ae43fbb96..5092b7594f 100644
--- a/ext/intl/intl_convert.c
+++ b/ext/intl/intl_convert.c
@@ -53,7 +53,7 @@ void intl_convert_utf8_to_utf16(
UErrorCode* status )
{
UChar* dst_buf = NULL;
- int32_t dst_len = 0;
+ uint32_t dst_len = 0;
/* If *target is NULL determine required destination buffer size (pre-flighting).
* Otherwise, attempt to convert source string; if *target buffer is not large enough
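Review bot: The switch of `dst_len` from `int32_t` to `uint32_t` is undocumented and may not match how the variable is used further down; the rest of intl_convert_utf8_to_utf16 lies outside this hunk. ICU's `u_strFromUTF8` takes its length out-parameter as `int32_t *`, so if `&dst_len` is passed to it (likely, but not visible here) the call now has a pointer-signedness mismatch that needs an explicit cast or a separate signed temporary. A one-line comment such as `/* unsigned so that dst_len + 1 cannot overflow as a signed value when sizing the buffer */` would record the intent, assuming that is the reason for the change.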
diff --git a/ext/intl/locale/locale_methods.c b/ext/intl/locale/locale_methods.c
index 18a051fe20..12cf6c1ce3 100644
--- a/ext/intl/locale/locale_methods.c
+++ b/ext/intl/locale/locale_methods.c
@@ -268,6 +268,9 @@ static zend_string* get_icu_value_internal( const char* loc_name , char* tag_nam
int32_t buflen = 512;
UErrorCode status = U_ZERO_ERROR;
+ if (strlen(loc_name) > INTL_MAX_LOCALE_LEN) {
+ return NULL;
+ }
if( strcmp(tag_name, LOC_CANONICALIZE_TAG) != 0 ){
/* Handle grandfathered languages */
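Review bot: The new early `return NULL;` in get_icu_value_internal rejects an over-long `loc_name` silently, whereas the two PHP_FUNCTION hunks in this file go through `INTL_CHECK_LOCALE_LEN`, which presumably records an error. The signature is truncated in the hunk header, so it is not visible whether the function has a status out-parameter; if it does, it should be set before returning so callers do not mistake the rejection for a tag that is simply absent. A short comment, e.g. `/* refuse locale names longer than INTL_MAX_LOCALE_LEN before handing them to ICU */`, would also help the next reader. The function body continues outside the hunk.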
@@ -713,6 +716,8 @@ PHP_FUNCTION( locale_get_keywords )
RETURN_FALSE;
}
+ INTL_CHECK_LOCALE_LEN(strlen(loc_name));
+
if(loc_name_len == 0) {
loc_name = intl_locale_get_default();
}
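Review bot: `INTL_CHECK_LOCALE_LEN(strlen(loc_name));` runs before the `loc_name_len == 0` branch replaces `loc_name` with `intl_locale_get_default()`, so the default locale string is never length-checked here; the same ordering appears in the locale_parse hunk below. Unless the default is bounded where it is set (not visible on this page), the check should be moved to just after the substitution block. The call also re-scans the string with `strlen` although `loc_name_len` is already available; if the intent is to measure what ICU will see up to the first NUL byte, a comment saying so would stop a later cleanup from swapping in `loc_name_len`. Both function bodies continue outside their hunks.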
@@ -1120,6 +1125,8 @@ PHP_FUNCTION(locale_parse)
RETURN_FALSE;
}
+ INTL_CHECK_LOCALE_LEN(strlen(loc_name));
+
if(loc_name_len == 0) {
loc_name = intl_locale_get_default();
}
diff --git a/ext/intl/msgformat/msgformat_data.c b/ext/intl/msgformat/msgformat_data.c
index b35c7c2281..e2510e16b8 100644
--- a/ext/intl/msgformat/msgformat_data.c
+++ b/ext/intl/msgformat/msgformat_data.c
@@ -83,7 +83,7 @@ msgformat_data* msgformat_data_create( void )
int msgformat_fix_quotes(UChar **spattern, uint32_t *spattern_len, UErrorCode *ec)
{
if(*spattern && *spattern_len && u_strchr(*spattern, (UChar)'\'')) {
- UChar *npattern = emalloc(sizeof(UChar)*(2*(*spattern_len)+1));
+ UChar *npattern = safe_emalloc(sizeof(UChar)*2, *spattern_len, sizeof(UChar));
uint32_t npattern_len;
npattern_len = umsg_autoQuoteApostrophe(*spattern, *spattern_len, npattern, 2*(*spattern_len)+1, ec);
efree(*spattern);
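Review bot: The capacity argument `2*(*spattern_len)+1` on the `umsg_autoQuoteApostrophe` call is still computed in 32-bit arithmetic, so the overflow protection that `safe_emalloc` adds to the allocation does not extend to it. For a large `*spattern_len` the expression can wrap or exceed `INT32_MAX`, and ICU takes both lengths as `int32_t`, so the buffer size and the capacity reported to ICU can disagree. A guard placed before the allocation, e.g. `if (*spattern_len > (INT32_MAX - 1) / 2)` followed by setting `*ec = U_BUFFER_OVERFLOW_ERROR` and returning the function's failure value, keeps the two in step. msgformat_fix_quotes continues past the end of this hunk.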