diff options
author | Dmitry Stogov <dmitry@zend.com> | 2015-08-28 12:47:21 +0300 |
---|---|---|
committer | Dmitry Stogov <dmitry@zend.com> | 2015-08-28 12:47:21 +0300 |
commit | 87f0f77105eb940d0eca63b7c889c136e9ce2a48 (patch) | |
tree | cbc61ff0caf454b659acbad7448ffa5da6499fa5 | |
parent | 5d15d2b26d01ec267234b26abad6be4e04b364ac (diff) | |
download | php-git-87f0f77105eb940d0eca63b7c889c136e9ce2a48.tar.gz |
Simplified integer overflow checks
-rw-r--r-- | Zend/zend_alloc.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c index 23ec7bcfbb..c30d26b623 100644 --- a/Zend/zend_alloc.c +++ b/Zend/zend_alloc.c @@ -2486,7 +2486,10 @@ ZEND_API char* ZEND_FASTCALL _estrdup(const char *s ZEND_FILE_LINE_DC ZEND_FILE_ char *p; length = strlen(s); - p = (char *) _emalloc(safe_address(length, 1, 1) ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); + if (UNEXPECTED(length + 1 == 0)) { + zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", 1, length, 1); + } + p = (char *) _emalloc(length + 1 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); if (UNEXPECTED(p == NULL)) { return p; } @@ -2498,7 +2501,10 @@ ZEND_API char* ZEND_FASTCALL _estrndup(const char *s, size_t length ZEND_FILE_LI { char *p; - p = (char *) _emalloc(safe_address(length, 1, 1) ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); + if (UNEXPECTED(length + 1 == 0)) { + zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", 1, length, 1); + } + p = (char *) _emalloc(length + 1 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); if (UNEXPECTED(p == NULL)) { return p; } @@ -2512,7 +2518,10 @@ ZEND_API char* ZEND_FASTCALL zend_strndup(const char *s, size_t length) { char *p; - p = (char *) malloc(safe_address(length, 1, 1)); + if (UNEXPECTED(length + 1 == 0)) { + zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", 1, length, 1); + } + p = (char *) malloc(length + 1); if (UNEXPECTED(p == NULL)) { return p; } |