On Sun, 05 Feb 2012 14:00:11 +0100, Gustavo Lopes wrote:
On Sun, 5 Feb 2012 10:55:39 -0000, Nuno Lopes wrote:
I didn't carefully review this patch, but doesn't this code suffer
from potential math overflow?
i.e. with strlen($input_str) > INT_MAX/2 (or UINT_MAX/2)
Advertising
All the length and position variables are of type size_t, so I'd say
we'd be out of memory long before that could be a problem (unless
there's some architecture of which I'm not aware where SIZE_T is low
enough for this to be a problem).
read: SIZE_MAX, not SIZE_T
--
Gustavo Lopes
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
