php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-27 18:23:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-5.3' into PHP-5.4

Browse Source 
* PHP-5.3:
  Fix potential integer overflow in nl2br
  Fix potential integer overflow in bin2hex

Conflicts:
	ext/standard/string.c
This commit is contained in:
Nikita Popov
2012-07-05 20:59:18 +02:00
parent 9a38ca8d50 157ddd9577
commit 5cf2f87fa7
1 changed files with 7 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ext/standard/string.c
+7 -8
View File
@@ -131,8 +131,8 @@ static char *php_bin2hex(const unsigned char *old, const size_t oldlen, size_t *
register unsigned char *result = NULL;
size_t i, j;
result = (unsigned char *) safe_emalloc(oldlen * 2, sizeof(char), 1);
result = (unsigned char *) safe_emalloc(oldlen, 2 * sizeof(char), 1);
for (i = j = 0; i < oldlen; i++) {
result[j++] = hexconvtab[old[i] >> 4];
result[j++] = hexconvtab[old[i] & 15];
@@ -4029,13 +4029,12 @@ PHP_FUNCTION(nl2br)
RETURN_STRINGL(str, str_len, 1);
}
if (is_xhtml) {
new_length = str_len + repl_cnt * (sizeof("<br />") - 1);
} else {
new_length = str_len + repl_cnt * (sizeof("<br>") - 1);
}
{
size_t repl_len = is_xhtml ? (sizeof("<br />") - 1) : (sizeof("<br>") - 1);
tmp = target = emalloc(new_length + 1);
new_length = str_len + repl_cnt * repl_len;
tmp = target = safe_emalloc(repl_cnt, repl_len, str_len + 1);
}
while (str < end) {
switch (*str) {