iliaa                                    Fri, 06 Aug 2010 19:55:10 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=301938

Log:
Fixed issues inside str_pad() identified by bug #52550

Bug: http://bugs.php.net/52550 (Analyzed) integer undefined behaviors executed 
during "make test"
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/ext/standard/string.c
    U   php/php-src/trunk/ext/standard/string.c

Modified: php/php-src/branches/PHP_5_3/ext/standard/string.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/string.c  2010-08-06 19:47:03 UTC 
(rev 301937)
+++ php/php-src/branches/PHP_5_3/ext/standard/string.c  2010-08-06 19:55:10 UTC 
(rev 301938)
@@ -4861,7 +4861,7 @@
        long pad_length;                        /* Length to pad to */

        /* Helper variables */
-       int        num_pad_chars;               /* Number of padding characters 
(total - input size) */
+       size_t     num_pad_chars;               /* Number of padding characters 
(total - input size) */
        char  *result = NULL;           /* Resulting string */
        int        result_len = 0;              /* Length of the resulting 
string */
        char  *pad_str_val = " ";       /* Pointer to padding string */
@@ -4874,11 +4874,9 @@
                return;
        }

-       num_pad_chars = pad_length - input_len;
-
        /* If resulting string turns out to be shorter than input string,
           we simply copy the input and return. */
-       if (pad_length <= 0 || num_pad_chars <= 0) {
+       if (pad_length <= 0 || (pad_length - input_len) <= 0) {
                RETURN_STRINGL(input, input_len, 1);
        }

@@ -4892,6 +4890,11 @@
                return;
        }

+       num_pad_chars = pad_length - input_len;
+       if (num_pad_chars >= INT_MAX) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Padding length is 
too long");
+               return;
+       }
        result = (char *)emalloc(input_len + num_pad_chars + 1);

        /* We need to figure out the left/right padding lengths. */

Modified: php/php-src/trunk/ext/standard/string.c
===================================================================
--- php/php-src/trunk/ext/standard/string.c     2010-08-06 19:47:03 UTC (rev 
301937)
+++ php/php-src/trunk/ext/standard/string.c     2010-08-06 19:55:10 UTC (rev 
301938)
@@ -4870,7 +4870,7 @@
        long pad_length;                        /* Length to pad to */

        /* Helper variables */
-       int        num_pad_chars;               /* Number of padding characters 
(total - input size) */
+       size_t     num_pad_chars;               /* Number of padding characters 
(total - input size) */
        char  *result = NULL;           /* Resulting string */
        int        result_len = 0;              /* Length of the resulting 
string */
        char  *pad_str_val = " ";       /* Pointer to padding string */
@@ -4883,11 +4883,9 @@
                return;
        }

-       num_pad_chars = pad_length - input_len;
-
        /* If resulting string turns out to be shorter than input string,
           we simply copy the input and return. */
-       if (pad_length <= 0 || num_pad_chars <= 0) {
+       if (pad_length <= 0 || (pad_length - input_len) <= 0) {
                RETURN_STRINGL(input, input_len, 1);
        }

@@ -4901,6 +4899,11 @@
                return;
        }

+       num_pad_chars = pad_length - input_len;
+       if (num_pad_chars >= INT_MAX) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Padding length is 
too long");
+               return;
+       }
        result = (char *)emalloc(input_len + num_pad_chars + 1);

        /* We need to figure out the left/right padding lengths. */

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to