stas                                     Sat, 15 Oct 2011 23:57:33 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=318136

Log:
fix potential integer overflow

Changed paths:
    U   php/php-src/branches/PHP_5_4/ext/soap/php_http.c
    U   php/php-src/trunk/ext/soap/php_http.c

Modified: php/php-src/branches/PHP_5_4/ext/soap/php_http.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/soap/php_http.c    2011-10-15 23:52:40 UTC 
(rev 318135)
+++ php/php-src/branches/PHP_5_4/ext/soap/php_http.c    2011-10-15 23:57:33 UTC 
(rev 318136)
@@ -1386,7 +1386,7 @@
                if (header_length < 0) {
                        return FALSE;
                }
-               http_buf = emalloc(header_length + 1);
+               http_buf = safe_emalloc(1, header_length, 1);
                while (http_buf_size < header_length) {
                        int len_read = php_stream_read(stream, http_buf + 
http_buf_size, header_length - http_buf_size);
                        if (len_read <= 0) {

Modified: php/php-src/trunk/ext/soap/php_http.c
===================================================================
--- php/php-src/trunk/ext/soap/php_http.c       2011-10-15 23:52:40 UTC (rev 
318135)
+++ php/php-src/trunk/ext/soap/php_http.c       2011-10-15 23:57:33 UTC (rev 
318136)
@@ -1386,7 +1386,7 @@
                if (header_length < 0) {
                        return FALSE;
                }
-               http_buf = emalloc(header_length + 1);
+               http_buf = safe_emalloc(1, header_length, 1);
                while (http_buf_size < header_length) {
                        int len_read = php_stream_read(stream, http_buf + 
http_buf_size, header_length - http_buf_size);
                        if (len_read <= 0) {

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to