php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

xml: Use safe_emalloc() correctly

Browse Source 
Fortunately, libxml won't allow _at this point in time_ to have more
than INT_MAX/5 attributes, so this doesn't cause issues right now.
However, if this limit is ever raised then it can cause an integer
overflow which will cause a heap overflow.
So future-proof this code by properly using safe_emalloc().

Closes GH-20472.
This commit is contained in:
Niels Dossche
2025-11-13 22:41:23 +01:00
parent 37e61a0dc0
commit 48b19a8ede
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ext/xml/compat.c
View File

@@ -111,7 +111,7 @@ _start_element_handler_ns(void *user, const xmlChar *name, const xmlChar *prefix
if (attributes != NULL) {
xmlChar *qualified_name_attr = NULL;
attrs = safe_emalloc((nb_attributes * 2) + 1, sizeof(int *), 0);
attrs = safe_emalloc(nb_attributes, 2 * sizeof(int *), sizeof(int *));
for (i = 0; i < nb_attributes; i += 1) {