return ret;
}
+/* A bit more generic version of the same */
+static zend_always_inline size_t zend_safe_addmult(size_t nmemb, size_t size, size_t offset, const char *message)
+{
+ int overflow;
+ size_t ret = zend_safe_address(nmemb, size, offset, &overflow);
+
+ if (UNEXPECTED(overflow)) {
+ zend_error_noreturn(E_ERROR, "Possible integer overflow in %s (%zu * %zu + %zu)", message, nmemb, size, offset);
+ return 0;
+ }
+ return ret;
+}
+
#endif /* ZEND_MULTIPLY_H */
/*
}
}
dig_done:
+ if (nd < 0) {
+ /* overflow */
+ nd = DBL_DIG + 2;
+ }
+ if (nf < 0) {
+ /* overflow */
+ nf = DBL_DIG + 2;
+ }
e = 0;
if (c == 'e' || c == 'E') {
if (!nd && !nz && !nz0) {
}
freelist[i] = NULL;
}
- FREE_DTOA_LOCK(0)
+ FREE_DTOA_LOCK(0)
}
#ifdef __cplusplus
bzs.avail_in = source_len;
/* in most cases bz2 offers at least 2:1 compression, so we use that as our base */
+ dest = zend_string_safe_alloc(source_len, 2, 1, 0);
bzs.avail_out = source_len * 2;
- dest = zend_string_alloc(bzs.avail_out + 1, 0);
bzs.next_out = ZSTR_VAL(dest);
while ((error = BZ2_bzDecompress(&bzs)) == BZ_OK && bzs.avail_in > 0) {
if (zend_parse_parameters(ZEND_NUM_ARGS(), "r", &pgsql_link) == FAILURE) {
return;
}
-
+
if ((pgsql = (PGconn *)zend_fetch_resource2(Z_RES_P(pgsql_link), "PostgreSQL link", le_link, le_plink)) == NULL) {
RETURN_FALSE;
}
break;
}
- to = zend_string_alloc(ZSTR_LEN(from) * 2, 0);
+ to = zend_string_safe_alloc(ZSTR_LEN(from), 2, 0, 0);
#ifdef HAVE_PQESCAPE_CONN
if (link) {
if ((pgsql = (PGconn *)zend_fetch_resource2(link, "PostgreSQL link", le_link, le_plink)) == NULL) {
RETURN_FALSE;
}
to = (char *)PQescapeByteaConn(pgsql, (unsigned char *)from, (size_t)from_len, &to_len);
- } else
+ } else
#endif
to = (char *)PQescapeBytea((unsigned char*)from, from_len, &to_len);
if (intern->file_name) {
efree(intern->file_name);
}
- intern->file_name_len = (int)spprintf(&intern->file_name, 0, "%s%c%s",
+ intern->file_name_len = spprintf(&intern->file_name, 0, "%s%c%s",
spl_filesystem_object_get_path(intern, NULL),
slash, intern->u.dir.entry.d_name);
break;
int skip_dots = SPL_HAS_FLAG(intern->flags, SPL_FILE_DIR_SKIPDOTS);
intern->type = SPL_FS_DIR;
- intern->_path_len = (int)strlen(path);
+ intern->_path_len = strlen(path);
intern->u.dir.dirp = php_stream_opendir(path, REPORT_ERRORS, FG(default_context));
if (intern->_path_len > 1 && IS_SLASH_AT(path, intern->_path_len-1)) {
}
intern->file_name = use_copy ? estrndup(path, len) : path;
- intern->file_name_len = (int)len;
+ intern->file_name_len = len;
while (intern->file_name_len > 1 && IS_SLASH_AT(intern->file_name, intern->file_name_len-1)) {
intern->file_name[intern->file_name_len-1] = 0;
p2 = 0;
#endif
if (p1 || p2) {
- intern->_path_len = (int)((p1 > p2 ? p1 : p2) - intern->file_name);
+ intern->_path_len = ((p1 > p2 ? p1 : p2) - intern->file_name);
} else {
intern->_path_len = 0;
}
intern->_path = estrndup(path, intern->_path_len);
} /* }}} */
-static spl_filesystem_object *spl_filesystem_object_create_info(spl_filesystem_object *source, char *file_path, int file_path_len, int use_copy, zend_class_entry *ce, zval *return_value) /* {{{ */
+static spl_filesystem_object *spl_filesystem_object_create_info(spl_filesystem_object *source, char *file_path, size_t file_path_len, int use_copy, zend_class_entry *ce, zval *return_value) /* {{{ */
{
spl_filesystem_object *intern;
zval arg1;
const char *p;
size_t flen;
size_t path_len;
- int idx;
+ size_t idx;
zend_string *ret;
if (zend_parse_parameters_none() == FAILURE) {
p = zend_memrchr(ZSTR_VAL(ret), '.', ZSTR_LEN(ret));
if (p) {
- idx = (int)(p - ZSTR_VAL(ret));
+ idx = p - ZSTR_VAL(ret);
RETVAL_STRINGL(ZSTR_VAL(ret) + idx + 1, ZSTR_LEN(ret) - idx - 1);
zend_string_release(ret);
return;
{
spl_filesystem_object *intern = Z_SPLFILESYSTEM_P(getThis());
const char *p;
- int idx;
+ size_t idx;
zend_string *fname;
if (zend_parse_parameters_none() == FAILURE) {
p = zend_memrchr(ZSTR_VAL(fname), '.', ZSTR_LEN(fname));
if (p) {
- idx = (int)(p - ZSTR_VAL(fname));
+ idx = p - ZSTR_VAL(fname);
RETVAL_STRINGL(ZSTR_VAL(fname) + idx + 1, ZSTR_LEN(fname) - idx - 1);
zend_string_release(fname);
} else {
if (path) {
char *dpath = estrndup(path, path_len);
path_len = php_dirname(dpath, path_len);
- spl_filesystem_object_create_info(intern, dpath, (int)path_len, 1, ce, return_value);
+ spl_filesystem_object_create_info(intern, dpath, path_len, 1, ce, return_value);
efree(dpath);
}
}
subdir = Z_SPLFILESYSTEM_P(return_value);
if (subdir) {
if (intern->u.dir.sub_path && intern->u.dir.sub_path[0]) {
- subdir->u.dir.sub_path_len = (int)spprintf(&subdir->u.dir.sub_path, 0, "%s%c%s", intern->u.dir.sub_path, slash, intern->u.dir.entry.d_name);
+ subdir->u.dir.sub_path_len = spprintf(&subdir->u.dir.sub_path, 0, "%s%c%s", intern->u.dir.sub_path, slash, intern->u.dir.entry.d_name);
} else {
- subdir->u.dir.sub_path_len = (int)strlen(intern->u.dir.entry.d_name);
+ subdir->u.dir.sub_path_len = strlen(intern->u.dir.entry.d_name);
subdir->u.dir.sub_path = estrndup(intern->u.dir.entry.d_name, subdir->u.dir.sub_path_len);
}
subdir->info_class = intern->info_class;
p2 = 0;
#endif
if (p1 || p2) {
- intern->_path_len = (int)((p1 > p2 ? p1 : p2) - tmp_path);
+ intern->_path_len = ((p1 > p2 ? p1 : p2) - tmp_path);
} else {
intern->_path_len = 0;
}
if (oldlen < 64) {
maxlen = 128;
} else {
- maxlen = 2 * oldlen;
- if (maxlen < oldlen) {
- zend_error_noreturn(E_ERROR, "Input string is too long");
- return NULL;
- }
+ maxlen = zend_safe_addmult(oldlen, 2, 0, "html_entities");
}
replaced = zend_string_alloc(maxlen, 0);
/* calculate the length of the return buffer */
if (dp) {
- integral = (int)(dp - ZSTR_VAL(tmpbuf));
+ integral = (dp - ZSTR_VAL(tmpbuf));
} else {
/* no decimal point was found */
- integral = (int)ZSTR_LEN(tmpbuf);
+ integral = ZSTR_LEN(tmpbuf);
}
/* allow for thousand separators */
if (thousand_sep) {
- if (integral + thousand_sep_len * ((integral-1) / 3) < integral) {
- /* overflow */
- php_error_docref(NULL, E_ERROR, "String overflow");
- }
- integral += thousand_sep_len * ((integral-1) / 3);
+ integral = zend_safe_addmult((integral-1)/3, thousand_sep_len, integral, "number formatting");
}
reslen = integral;
reslen += dec;
if (dec_point) {
- if (reslen + dec_point_len < dec_point_len) {
- /* overflow */
- php_error_docref(NULL, E_ERROR, "String overflow");
- }
- reslen += dec_point_len;
+ reslen = zend_safe_addmult(reslen, 1, dec_point_len, "number formatting");
}
}
* Take care, as the sprintf implementation may return less places than
* we requested due to internal buffer limitations */
if (dec) {
- int declen = (int)(dp ? s - dp : 0);
- int topad = dec > declen ? dec - declen : 0;
+ size_t declen = (dp ? s - dp : 0);
+ size_t topad = dec > declen ? dec - declen : 0;
/* pad with '0's */
while (topad--) {
zval obj, zfilter;
zval func_name;
zval retval;
- int len;
+ size_t len;
/* some sanity checks */
if (persistent) {
return NULL;
}
- len = (int)strlen(filtername);
+ len = strlen(filtername);
/* determine the classname/class entry */
if (NULL == (fdat = zend_hash_str_find_ptr(BG(user_filter_map), (char*)filtername, len))) {
TODO: Allow failed userfilter creations to continue
scanning through the list */
if ((period = strrchr(filtername, '.'))) {
- char *wildcard = emalloc(len + 3);
+ char *wildcard = safe_emalloc(len, 1, 3);
/* Search for wildcard matches instead */
memcpy(wildcard, filtername, len + 1); /* copy \0 */
if (!bucket->own_buf) {
bucket = php_stream_bucket_make_writeable(bucket);
}
- if ((int)bucket->buflen != Z_STRLEN_P(pzdata)) {
+ if (bucket->buflen != Z_STRLEN_P(pzdata)) {
bucket->buf = perealloc(bucket->buf, Z_STRLEN_P(pzdata), bucket->is_persistent);
bucket->buflen = Z_STRLEN_P(pzdata);
}
simplestring_init_str(target);
}
- if((INT_MAX - add_len) < target->len || (INT_MAX - add_len - 1) < target->len) {
+ if((SIZE_MAX - add_len) < target->len || (SIZE_MAX - add_len - 1) < target->len) {
/* check for overflows, if there's a potential overflow do nothing */
return;
}
*/
typedef struct _simplestring {
char* str; /* string buf */
- int len; /* length of string/buf */
- int size; /* size of allocated buffer */
+ size_t len; /* length of string/buf */
+ size_t size; /* size of allocated buffer */
} simplestring;
/******/
projects / php / commitdiff