summaryrefslogtreecommitdiff
path: root/ext/standard/string.c
diff options
context:
space:
mode:
Diffstat (limited to 'ext/standard/string.c')
-rw-r--r--ext/standard/string.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/ext/standard/string.c b/ext/standard/string.c
index 7bc2159871..e22207dcb9 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -13,7 +13,7 @@
| license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
| Authors: Rasmus Lerdorf <rasmus@php.net> |
- | Stig Sæther Bakken <ssb@php.net> |
+ | Stig S�ther Bakken <ssb@php.net> |
| Zeev Suraski <zeev@zend.com> |
+----------------------------------------------------------------------+
*/
@@ -1443,7 +1443,7 @@ PHPAPI void php_basename(const char *s, size_t len, char *suffix, size_t sufflen
}
#if defined(PHP_WIN32) || defined(NETWARE)
/* Catch relative paths in c:file.txt style. They're not to confuse
- with the NTFS streams. This part ensures also, that no drive
+ with the NTFS streams. This part ensures also, that no drive
letter traversing happens. */
} else if ((*c == ':' && (c - comp == 1))) {
if (state == 0) {
@@ -4949,6 +4949,10 @@ PHP_FUNCTION(str_repeat)
/* Initialize the result string */
result_len = input_len * mult;
+ if(result_len > INT_MAX) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Result is too big, maximum %d allowed", INT_MAX);
+ RETURN_EMPTY_STRING();
+ }
result = (char *)safe_emalloc(input_len, mult, 1);
/* Heavy optimization for situations where input string is 1 byte long */