On Sun, 05 Feb 2012 14:00:11 +0100, Gustavo Lopes wrote:
On Sun, 5 Feb 2012 10:55:39 -0000, Nuno Lopes wrote:
I didn't carefully review this patch, but doesn't this code suffer
from potential math overflow?
i.e. with strlen($input_str) > INT_MAX/2  (or UINT_MAX/2)


All the length and position variables are of type size_t, so I'd say
we'd be out of memory long before that could be a problem (unless
there's some architecture of which I'm not aware where SIZE_T is low
enough for this to be a problem).

read: SIZE_MAX, not SIZE_T

--
Gustavo Lopes

--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to