clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-24 03:17:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check for string overflow

Browse Source
This commit is contained in:
Stanislav Malyshev 2016-08-10 23:46:33 -07:00
parent 4f6a97f532
commit 7bf6d98535
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ext/standard/php_smart_string.h
View File

@ -52,19 +52,22 @@
#define SMART_STRING_DO_REALLOC(d, what) \
(d)->c = SMART_STRING_REALLOC((d)->c, (d)->a + 1, (what))
#define smart_string_alloc4(d, n, what, newlen) do { \
#define smart_string_alloc4(d, n, what, newlen) do { \
if (!(d)->c) { \
(d)->len = 0; \
newlen = (n); \
(d)->a = newlen < SMART_STRING_START_SIZE \
? SMART_STRING_START_SIZE \
: newlen + SMART_STRING_PREALLOC; \
SMART_STRING_DO_REALLOC(d, what); \
(d)->a = newlen < SMART_STRING_START_SIZE \
? SMART_STRING_START_SIZE \
: newlen + SMART_STRING_PREALLOC; \
SMART_STRING_DO_REALLOC(d, what); \
} else { \
if(UNEXPECTED(n > SIZE_MAX - (d)->len)) { \
zend_error(E_ERROR, "String size overflow"); \
} \
newlen = (d)->len + (n); \
if (newlen >= (d)->a) { \
(d)->a = newlen + SMART_STRING_PREALLOC; \
SMART_STRING_DO_REALLOC(d, what); \
(d)->a = newlen + SMART_STRING_PREALLOC; \
SMART_STRING_DO_REALLOC(d, what); \
} \
} \
} while (0)