standard string.c

Ilia Alshanetsky Tue, 01 Apr 2003 16:23:50 -0800

iliaa           Tue Apr  1 19:25:46 2003 EDT

  Modified files:              
    /php4/ext/standard  string.c 
  Log:
  Fixed possible integer overflow in str_repeat().
  
  
Index: php4/ext/standard/string.c
diff -u php4/ext/standard/string.c:1.367 php4/ext/standard/string.c:1.368
--- php4/ext/standard/string.c:1.367    Tue Apr  1 07:46:01 2003
+++ php4/ext/standard/string.c  Tue Apr  1 19:25:45 2003
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: string.c,v 1.367 2003/04/01 12:46:01 momo Exp $ */
+/* $Id: string.c,v 1.368 2003/04/02 00:25:45 iliaa Exp $ */
 
 /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */
 
@@ -3787,6 +3787,10 @@
        
        /* Initialize the result string */      
        result_len = Z_STRLEN_PP(input_str) * Z_LVAL_PP(mult);
+       if (result_len < 1 || result_len > 2147483647) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "You may not create 
strings longer then 2147483647 bytes");
+               RETURN_FALSE;
+       }
        result = (char *)emalloc(result_len + 1);
        
        /* Heavy optimization for situations where input string is 1 byte long */




-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php4 /ext/standard string.c

Reply via email to