From 93e0d78ec655f59ebfa82b2c6f8486c43651c1d0 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev
Date: Mon, 20 May 2013 00:43:29 -0700
Subject: fix CVE-2013-2110 - use correct formula to calculate string size
---
 ext/standard/quot_print.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'ext/standard/quot_print.c')
diff --git a/ext/standard/quot_print.c b/ext/standard/quot_print.c
index 280b86a9a2..6627858989 100644
--- a/ext/standard/quot_print.c
+++ b/ext/standard/quot_print.c
@@ -151,7 +151,7 @@ PHPAPI unsigned char *php_quot_print_encode(const unsigned char *str, size_t len
 unsigned char c, *ret, *d;
 char *hex = "0123456789ABCDEF";
- ret = safe_emalloc(1, 3 * length + 3 * (((3 * length)/PHP_QPRINT_MAXL) + 1), 0);
+ ret = safe_emalloc(3, length + (((3 * length)/(PHP_QPRINT_MAXL-9)) + 1), 1);
 d = ret;
 while (length--) {
--
cgit v1.2.1
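Review bot: The new size expression in the `safe_emalloc` call uses two unexplained constants (`PHP_QPRINT_MAXL-9` and the trailing `1`), and nothing in the hunk records why this bound is the worst case, even though the subject line attributes the CVE to the previous formula. A comment above the call such as `/* worst case: 3 output bytes per input byte, plus 3 per soft line break; +1 for the terminator -- confirm against the loop below */` would let the next reader re-check the bound. Separately, `3 * length` in the second argument is evaluated in plain `size_t` arithmetic before `safe_emalloc` applies its overflow check to the multiplication by 3, so the bound still relies on callers limiting `length`; that assumption is worth stating or asserting. The encode loop that writes through `d` continues outside the hunk, so the bound cannot be verified from here.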