clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-21 18:07:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

emalloc -> safe_emalloc

Browse Source 
Fixed possible buffer overflow in pg_lo_read()
This commit is contained in:
Ilia Alshanetsky 2003-04-25 21:59:58 +00:00
parent b83fc1a802
commit ab0e80d42f
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ext/pgsql/pgsql.c
View File

@ -1968,7 +1968,7 @@ PHP_FUNCTION(pg_lo_read)
buf_len = Z_LVAL_PP(len);
}
buf = (char *) emalloc(sizeof(char)*(buf_len+1));
buf = (char *) safe_emalloc(sizeof(char), (buf_len+1), 0);
if ((nbytes = lo_read((PGconn *)pgsql->conn, pgsql->lofd, buf, buf_len))<0) {
efree(buf);
RETURN_FALSE;
@ -2622,7 +2622,7 @@ PHP_FUNCTION(pg_escape_string)
return;
}
to = (char *)emalloc(from_len*2+1);
to = (char *)safe_emalloc(from_len, 2, 1);
to_len = (int)PQescapeString(to, from, from_len);
RETURN_STRINGL(to, to_len, 0);
}
@ -3566,7 +3566,7 @@ PHPAPI int php_pgsql_convert(PGconn *pg_link, const char *table_name, const zval
#if HAVE_PQESCAPE
{
char *tmp;
tmp = (char *)emalloc(Z_STRLEN_PP(val)*2+1);
tmp = (char *)safe_emalloc(Z_STRLEN_PP(val), 2, 1);
Z_STRLEN_P(new_val) = (int)PQescapeString(tmp, Z_STRVAL_PP(val), Z_STRLEN_PP(val));
Z_STRVAL_P(new_val) = tmp;
}