iliaa Tue Apr 1 19:25:46 2003 EDT Modified files: /php4/ext/standard string.c Log: Fixed possible integer overflow in str_repeat(). Index: php4/ext/standard/string.c diff -u php4/ext/standard/string.c:1.367 php4/ext/standard/string.c:1.368 --- php4/ext/standard/string.c:1.367 Tue Apr 1 07:46:01 2003 +++ php4/ext/standard/string.c Tue Apr 1 19:25:45 2003 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: string.c,v 1.367 2003/04/01 12:46:01 momo Exp $ */ +/* $Id: string.c,v 1.368 2003/04/02 00:25:45 iliaa Exp $ */ /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */ @@ -3787,6 +3787,10 @@ /* Initialize the result string */ result_len = Z_STRLEN_PP(input_str) * Z_LVAL_PP(mult); + if (result_len < 1 || result_len > 2147483647) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "You may not create strings longer then 2147483647 bytes"); + RETURN_FALSE; + } result = (char *)emalloc(result_len + 1); /* Heavy optimization for situations where input string is 1 byte long */
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php