MFB: Added safety checks against integer overflow.

diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c
index ca8aab1a266a954ed657867f155a4916a98814f0..c5bf1804c81da82717d9365558595ae6c1b5f063 100644 (file)
--- a/Zend/zend_alloc.c
+++ b/Zend/zend_alloc.c
@@ -1730,13 +1730,12 @@ ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset)
 ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
        void *p;
-       int final_size = size*nmemb;
 
-       p = _emalloc(final_size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+       p = _safe_emalloc(nmemb, size, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
        if (!p) {
                return (void *) p;
        }
-       memset(p, 0, final_size);
+       memset(p, 0, size * nmemb);
        return p;
 }