diff options
| author | Jakub Zelenka <bukka@php.net> | 2016-04-03 19:56:15 +0100 |
|---|---|---|
| committer | Jakub Zelenka <bukka@php.net> | 2016-04-03 19:56:15 +0100 |
| commit | 6ac8bc4ecb1fdf112eefdd16d2c4f971e7ac232a (patch) | |
| tree | 3612c90af5d656357045e107ccac556863e929a3 /Zend/zend_alloc.c | |
| parent | df85331220ac60391d5f8d82c42a6c699f47fca1 (diff) | |
| parent | 80015ba741fc857074050086db6c7b2a4716d6d5 (diff) | |
| download | php-git-6ac8bc4ecb1fdf112eefdd16d2c4f971e7ac232a.tar.gz | |
Merge branch 'openssl_error_store' of github.com:bukka/php-src into openssl_error_store
Diffstat (limited to 'Zend/zend_alloc.c')
| -rw-r--r-- | Zend/zend_alloc.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c index cfc277f136..2e0de26378 100644 --- a/Zend/zend_alloc.c +++ b/Zend/zend_alloc.c @@ -1353,6 +1353,10 @@ static zend_always_inline void *zend_mm_alloc_heap(zend_mm_heap *heap, size_t si /* special handling for zero-size allocation */ size = MAX(size, 1); size = ZEND_MM_ALIGNED_SIZE(size) + ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_debug_info)); + if (UNEXPECTED(size < real_size)) { + zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu + %zu)", ZEND_MM_ALIGNED_SIZE(real_size), ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_debug_info))); + return NULL; + } #endif if (size <= ZEND_MM_MAX_SMALL_SIZE) { ptr = zend_mm_alloc_small(heap, size, ZEND_MM_SMALL_SIZE_TO_BIN(size) ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); |