- Fix bug #55622, better fix for this issue, old fix can break if sizeof(size_t)...

diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index d06c0c676a80474ff490f07d6bd3cd62bfcf6cf1..3f30aef521bb98b76617bd790bd5d5d2306ccca5 100644 (file)
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -3989,7 +3989,13 @@ PHP_FUNCTION(getenv)
 
                ptr = emalloc(size);
                size = GetEnvironmentVariableA(str, ptr, size);
-               RETURN_STRING(ptr, 0);
+               if (size == 0) {
+                               /* has been removed between the two calls */
+                               efree(ptr);
+                               RETURN_EMPTY_STRING();
+               } else {
+                       RETURN_STRING(ptr, 0);
+               }
        }
 #else
        /* system method returns a const */
@@ -5930,7 +5936,7 @@ PHP_FUNCTION(parse_ini_file)
 PHP_FUNCTION(parse_ini_string)
 {
        char *string = NULL, *str = NULL;
-       size_t str_len = 0;
+       int str_len = 0;
        zend_bool process_sections = 0;
        long scanner_mode = ZEND_INI_SCANNER_NORMAL;
        zend_ini_parser_cb_t ini_parser_cb;
@@ -5939,6 +5945,10 @@ PHP_FUNCTION(parse_ini_string)
                RETURN_FALSE;
        }
 
+       if (INT_MAX - str_len < ZEND_MMAP_AHEAD) {
+               RETVAL_FALSE;
+       }
+
        /* Set callback function */
        if (process_sections) {
                BG(active_ini_file_section) = NULL;