[PHP-CVS] cvs: php-src /main output.c

[Ilia Alshanetsky]

iliaa           Thu Jul 31 15:46:03 2003 EDT

  Modified files:              
    /php-src/main       output.c 
  Log:
  Fixed bug #22154 (Possible crash when memory_limit is reached and
  output buffering in addition to session.use_trans_sid is used).
  
  
Index: php-src/main/output.c
diff -u php-src/main/output.c:1.160 php-src/main/output.c:1.161
--- php-src/main/output.c:1.160 Wed Jul 16 04:36:04 2003
+++ php-src/main/output.c       Thu Jul 31 15:46:03 2003
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: output.c,v 1.160 2003/07/16 08:36:04 helly Exp $ */
+/* $Id: output.c,v 1.161 2003/07/31 19:46:03 iliaa Exp $ */
 
 #include "php.h"
 #include "ext/standard/head.h"
@@ -379,15 +379,20 @@
 
 /* {{{ php_ob_allocate
  */
-static inline void php_ob_allocate(TSRMLS_D)
+static inline void php_ob_allocate(uint text_length TSRMLS_DC)
 {
-       if (OG(active_ob_buffer).size<OG(active_ob_buffer).text_length) {
-               while (OG(active_ob_buffer).size <= OG(active_ob_buffer).text_length) {
-                       OG(active_ob_buffer).size+=OG(active_ob_buffer).block_size;
+       uint new_len = OG(active_ob_buffer).text_length + text_length;
+
+       if (OG(active_ob_buffer).size < new_len) {
+               uint buf_size = OG(active_ob_buffer).size;
+               while (buf_size <= new_len) {
+                       buf_size += OG(active_ob_buffer).block_size;
                }
-                       
-               OG(active_ob_buffer).buffer = (char *) 
erealloc(OG(active_ob_buffer).buffer, OG(active_ob_buffer).size+1);
+
+               OG(active_ob_buffer).buffer = (char *) 
erealloc(OG(active_ob_buffer).buffer, buf_size+1);
+               OG(active_ob_buffer).size = buf_size;
        }
+       OG(active_ob_buffer).text_length = new_len;
 }
 /* }}} */
 
@@ -589,9 +594,8 @@
        int original_ob_text_length;
 
        original_ob_text_length=OG(active_ob_buffer).text_length;
-       OG(active_ob_buffer).text_length = OG(active_ob_buffer).text_length + 
text_length;
 
-       php_ob_allocate(TSRMLS_C);
+       php_ob_allocate(text_length TSRMLS_CC);
        target = OG(active_ob_buffer).buffer+original_ob_text_length;
        memcpy(target, text, text_length);
        target[text_length]=0;
@@ -616,8 +620,7 @@
        char *p, *start;
        TSRMLS_FETCH();
 
-       OG(active_ob_buffer).text_length += text_length;
-       php_ob_allocate(TSRMLS_C);
+       php_ob_allocate(text_length TSRMLS_CC);
 
        /* php_ob_allocate() may change OG(ob_buffer), so we can't initialize p&start 
earlier */
        p = OG(ob_buffer)+OG(ob_text_length);



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php