clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 10:27:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Really fix bug #73017

Browse Source
This commit is contained in:
Stanislav Malyshev 2016-10-03 18:06:59 -07:00
parent f9d4b1a3f1
commit 631173aa5c
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ext/standard/string.c
View File

@ -883,11 +883,12 @@ PHP_FUNCTION(wordwrap)
{
const char *text, *breakchar = "\n";
char *newtext;
int textlen, breakcharlen = 1, newtextlen, chk;
int textlen, breakcharlen = 1, chk;
size_t alloced;
long current = 0, laststart = 0, lastspace = 0;
size_t current = 0, laststart = 0, lastspace = 0;
long linelength = 75;
zend_bool docut = 0;
size_t newtextlen;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|lsb", &text, &textlen, &linelength, &breakchar, &breakcharlen, &docut) == FAILURE) {
return;
@ -907,6 +908,11 @@ PHP_FUNCTION(wordwrap)
RETURN_FALSE;
}
if (linelength < 0 || linelength > INT_MAX) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length should be between 0 and %d", INT_MAX);
RETURN_FALSE;
}
/* Special case for a single-character break as it needs no
additional storage space */
if (breakcharlen == 1 && !docut) {
@ -934,10 +940,10 @@ PHP_FUNCTION(wordwrap)
if (linelength > 0) {
chk = (int)(textlen/linelength + 1);
newtext = safe_emalloc(chk, breakcharlen, textlen + 1);
alloced = textlen + chk * breakcharlen + 1;
alloced = (size_t)textlen + chk * (size_t)breakcharlen + 1;
} else {
chk = textlen;
alloced = textlen * (breakcharlen + 1) + 1;
alloced = (size_t)textlen * ((size_t)breakcharlen + 1) + 1;
newtext = safe_emalloc(textlen, (breakcharlen + 1), 1);
}