Commit:    88f46b162b3bf9bc9a7a1d3d7280f702f5b9f501
Author:    Nikita Popov <ni...@php.net>         Thu, 5 Jul 2012 20:14:49 +0200
Parents:   6b2b1952671c74056c3335ded8342a94d5df931f
Branches:  PHP-5.3 PHP-5.4 master

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=88f46b162b3bf9bc9a7a1d3d7280f702f5b9f501

Log:
Fix potential integer overflow in bin2hex

The code was already using safe_emalloc but did the multiplication in
the first argument, thus making the use of safe_emalloc pretty useless.

The *2 is now moved to the second argument.

Changed paths:
  M  ext/standard/string.c


Diff:
diff --git a/ext/standard/string.c b/ext/standard/string.c
index e3fc27e..a521d78 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -131,7 +131,7 @@ static char *php_bin2hex(const unsigned char *old, const 
size_t oldlen, size_t *
        register unsigned char *result = NULL;
        size_t i, j;
 
-       result = (unsigned char *) safe_emalloc(oldlen * 2, sizeof(char), 1);
+       result = (unsigned char *) safe_emalloc(oldlen, 2 * sizeof(char), 1);
        
        for (i = j = 0; i < oldlen; i++) {
                result[j++] = hexconvtab[old[i] >> 4];
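Review bot: The allocation on the `+` line has no comment explaining why the factor of two sits in the size argument, so a later cleanup could fold it back into `oldlen * 2` and silently reintroduce the unchecked multiplication. Consider a one-line comment above the call stating that `safe_emalloc` only overflow-checks the product of its first two arguments plus the offset, so any arithmetic done inside an argument escapes the check. Since `sizeof(char)` is 1 by definition, `safe_emalloc(oldlen, 2, 1)` would also read more directly. The changed paths list only `ext/standard/string.c`; a regression test for the allocation failure path would help, if one is practical on the affected platforms.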


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
