mirror of
https://github.com/php/php-src.git
synced 2024-09-22 10:27:25 +00:00
Really fix bug #73017
This commit is contained in:
parent
f9d4b1a3f1
commit
631173aa5c
@ -883,11 +883,12 @@ PHP_FUNCTION(wordwrap)
|
||||
{
|
||||
const char *text, *breakchar = "\n";
|
||||
char *newtext;
|
||||
int textlen, breakcharlen = 1, newtextlen, chk;
|
||||
int textlen, breakcharlen = 1, chk;
|
||||
size_t alloced;
|
||||
long current = 0, laststart = 0, lastspace = 0;
|
||||
size_t current = 0, laststart = 0, lastspace = 0;
|
||||
long linelength = 75;
|
||||
zend_bool docut = 0;
|
||||
size_t newtextlen;
|
||||
|
||||
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|lsb", &text, &textlen, &linelength, &breakchar, &breakcharlen, &docut) == FAILURE) {
|
||||
return;
|
||||
@ -907,6 +908,11 @@ PHP_FUNCTION(wordwrap)
|
||||
RETURN_FALSE;
|
||||
}
|
||||
|
||||
if (linelength < 0 || linelength > INT_MAX) {
|
||||
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length should be between 0 and %d", INT_MAX);
|
||||
RETURN_FALSE;
|
||||
}
|
||||
|
||||
/* Special case for a single-character break as it needs no
|
||||
additional storage space */
|
||||
if (breakcharlen == 1 && !docut) {
|
||||
@ -934,10 +940,10 @@ PHP_FUNCTION(wordwrap)
|
||||
if (linelength > 0) {
|
||||
chk = (int)(textlen/linelength + 1);
|
||||
newtext = safe_emalloc(chk, breakcharlen, textlen + 1);
|
||||
alloced = textlen + chk * breakcharlen + 1;
|
||||
alloced = (size_t)textlen + chk * (size_t)breakcharlen + 1;
|
||||
} else {
|
||||
chk = textlen;
|
||||
alloced = textlen * (breakcharlen + 1) + 1;
|
||||
alloced = (size_t)textlen * ((size_t)breakcharlen + 1) + 1;
|
||||
newtext = safe_emalloc(textlen, (breakcharlen + 1), 1);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user