archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-21 01:45:16 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'PHP-5.4'

Browse source 
* PHP-5.4:
  Fix potential integer overflow in nl2br
  Fix potential integer overflow in bin2hex
This commit is contained in:
Nikita Popov 2012-07-05 21:00:16 +02:00
commit ed54357fcd
1 changed files with 7 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

13
ext/standard/string.c
View file

@ -131,7 +131,7 @@ static char *php_bin2hex(const unsigned char *old, const size_t oldlen, size_t *
register unsigned char *result = NULL;
size_t i, j;
result = (unsigned char *) safe_emalloc(oldlen * 2, sizeof(char), 1);
result = (unsigned char *) safe_emalloc(oldlen, 2 * sizeof(char), 1);
for (i = j = 0; i < oldlen; i++) {
result[j++] = hexconvtab[old[i] >> 4];
@ -4029,13 +4029,12 @@ PHP_FUNCTION(nl2br)
RETURN_STRINGL(str, str_len, 1);
}
if (is_xhtml) {
new_length = str_len + repl_cnt * (sizeof("<br />") - 1);
} else {
new_length = str_len + repl_cnt * (sizeof("<br>") - 1);
}
{
size_t repl_len = is_xhtml ? (sizeof("<br />") - 1) : (sizeof("<br>") - 1);
tmp = target = emalloc(new_length + 1);
new_length = str_len + repl_cnt * repl_len;
tmp = target = safe_emalloc(repl_cnt, repl_len, str_len + 1);
}
while (str < end) {
switch (*str) {