Merge branch 'PHP-5.3' into PHP-5.4

* PHP-5.3: fix CVE-2013-2110 - use correct formula to calculate string size
author: Stanislav Malyshev <stas@php.net> 2013-06-04 21:57:16 -0700
committer: Stanislav Malyshev <stas@php.net> 2013-06-04 21:58:44 -0700
commit: efdeec3c0eb8e1bd9d14af37be6979fb46eda5df (patch)
tree: 825ac4a493eff40807d9d75809257273595a67c4 /ext/standard/quot_print.c
parent: 90bb28726bd0728059b0d58b1c063ae8ea250966 (diff)
parent: 93e0d78ec655f59ebfa82b2c6f8486c43651c1d0 (diff)
download: php-git-efdeec3c0eb8e1bd9d14af37be6979fb46eda5df.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/standard/quot_print.c b/ext/standard/quot_print.c
index 28dcc63f13..0df127362f 100644
--- a/ext/standard/quot_print.c
+++ b/ext/standard/quot_print.c
@@ -151,7 +151,7 @@ PHPAPI unsigned char *php_quot_print_encode(const unsigned char *str, size_t len
 	unsigned char c, *ret, *d;
 	char *hex = "0123456789ABCDEF";
 
-	ret = safe_emalloc(1, 3 * length + 3 * (((3 * length)/PHP_QPRINT_MAXL) + 1), 0);
+	ret = safe_emalloc(3, length + (((3 * length)/(PHP_QPRINT_MAXL-9)) + 1), 1);
 	d = ret;
 
 	while (length--) {
@@ -286,4 +286,4 @@ PHP_FUNCTION(quoted_printable_encode)
  * End:
  * vim600: sw=4 ts=4 fdm=marker
  * vim<600: sw=4 ts=4
- */
-\ No newline at end of file
+ */
author	Stanislav Malyshev <stas@php.net>	2013-06-04 21:57:16 -0700
committer	Stanislav Malyshev <stas@php.net>	2013-06-04 21:58:44 -0700
commit	efdeec3c0eb8e1bd9d14af37be6979fb46eda5df (patch)
tree	825ac4a493eff40807d9d75809257273595a67c4 /ext/standard/quot_print.c
parent	90bb28726bd0728059b0d58b1c063ae8ea250966 (diff)
parent	93e0d78ec655f59ebfa82b2c6f8486c43651c1d0 (diff)
download	php-git-efdeec3c0eb8e1bd9d14af37be6979fb46eda5df.tar.gz