#else
path_copy = path;
#endif
+
+ if (php_check_open_basedir(path_copy TSRMLS_CC)) {
+ return NULL;
+ }
/* try and open it directly first */
bz_file = BZ2_bzopen(path_copy, mode);
if (bz_file == NULL) {
/* that didn't work, so try and get something from the network/wrapper */
- stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST, opened_path);
+ stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST | ENFORCE_SAFE_MODE, opened_path);
if (stream) {
int fd;
int fd, n;
size_t read_bytes;
- if (size <= 0) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can not create an IV with size 0 or smaller");
+ if (size <= 0 || size >= INT_MAX) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can not create an IV with a size of less then 1 or greater then %d", INT_MAX);
return FAILURE;
}
goto err;
}
+ if (shmop->shmflg & IPC_CREAT && shmop->size < 1) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Shared memory segment size must be greater then zero.");
+ goto err;
+ }
+
shmop->shmid = shmget(shmop->key, shmop->size, shmop->shmflg);
if (shmop->shmid == -1) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to attach or create shared memory segment");
add_next_index_double(return_value, low);
}
} else {
- int low, high;
+ double low, high;
long lstep;
long_str:
- convert_to_long(zlow);
- convert_to_long(zhigh);
- low = Z_LVAL_P(zlow);
- high = Z_LVAL_P(zhigh);
+ convert_to_double(zlow);
+ convert_to_double(zhigh);
+ low = Z_DVAL_P(zlow);
+ high = Z_DVAL_P(zhigh);
lstep = (long) step;
if (low > high) { /* Negative steps */
goto err;
}
for (; low >= high; low -= lstep) {
- add_next_index_long(return_value, low);
+ add_next_index_long(return_value, (long)low);
}
- } else if (high > low) { /* Positive steps */
+ } else if (high > low) { /* Positive steps */
if (high - low < lstep || lstep <= 0) {
err = 1;
goto err;
}
for (; low <= high; low += lstep) {
- add_next_index_long(return_value, low);
+ add_next_index_long(return_value, (long)low);
}
} else {
- add_next_index_long(return_value, low);
+ add_next_index_long(return_value, (long)low);
}
}
err:
zend_hash_move_forward_ex(htbl, &pos);
}
- RETVAL_ZVAL(result, 0, 1);
+ RETVAL_ZVAL(result, 1, 1);
}
/* }}} */
php_strtolower(Z_STRVAL_P(pattern), Z_STRLEN_P(pattern));
- t = (char *) malloc(Z_STRLEN_P(pattern)*2 + 3);
+ t = (char *) safe_pemalloc(Z_STRLEN_P(pattern), 2, 3, 1);
t[0] = '^';
zval *new_property;
char *new_key;
- new_property = (zval *) malloc(sizeof(zval));
+ new_property = (zval *) pemalloc(sizeof(zval), 1);
INIT_PZVAL(new_property);
Z_STRVAL_P(new_property) = zend_strndup(Z_STRVAL_P(arg2), Z_STRLEN_P(arg2));
Z_STRLEN_P(new_property) = Z_STRLEN_P(arg2);
HashTable *section_properties;
/*printf("'%s' (%d)\n",$1.value.str.val,$1.value.str.len+1);*/
- current_section = (zval *) malloc(sizeof(zval));
+ current_section = (zval *) pemalloc(sizeof(zval), 1);
INIT_PZVAL(current_section);
- processed = (zval *) malloc(sizeof(zval));
+ processed = (zval *) pemalloc(sizeof(zval), 1);
INIT_PZVAL(processed);
- unprocessed = (zval *) malloc(sizeof(zval));
+ unprocessed = (zval *) pemalloc(sizeof(zval), 1);
INIT_PZVAL(unprocessed);
- section_properties = (HashTable *) malloc(sizeof(HashTable));
+ section_properties = (HashTable *) pemalloc(sizeof(HashTable), 1);
zend_hash_init(section_properties, 0, NULL, (dtor_func_t) browscap_entry_dtor, 1);
current_section->value.ht = section_properties;
current_section->type = IS_ARRAY;
channel.errfd = -1;
/* Duplicate the command as processing downwards will modify it*/
command_dup = strdup(command);
+ if (!command_dup) {
+ goto exit_fail;
+ }
/* get a number of args */
construct_argc_argv(command_dup, NULL, &command_num_args, NULL);
child_argv = (char**) malloc((command_num_args + 1) * sizeof(char*));
RETURN_FALSE;
}
+ if (shm_size < 1) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Segment size must be greater then zero.");
+ RETURN_FALSE;
+ }
+
shm_list_ptr = (sysvshm_shm *) emalloc(sizeof(sysvshm_shm));
/* get the id from a specified key or create new shared memory */
goto bigint;
}
l = (long) d;
+ if (l != d) {
+ goto bigint;
+ }
case IS_LONG:
zend_hash_index_update(target_hash, l, &ent1->data, sizeof(zval *), NULL);
break;
Z_STRVAL_P(ent->data) = estrndup(decoded, decoded_len);
Z_STRLEN_P(ent->data) = decoded_len;
} else {
- Z_STRVAL_P(ent->data) = erealloc(Z_STRVAL_P(ent->data),
- Z_STRLEN_P(ent->data) + decoded_len + 1);
- strncpy(Z_STRVAL_P(ent->data)+Z_STRLEN_P(ent->data), decoded, decoded_len);
Z_STRLEN_P(ent->data) += decoded_len;
+ Z_STRVAL_P(ent->data) = erealloc(Z_STRVAL_P(ent->data), Z_STRLEN_P(ent->data) + 1);
+ strlcpy(Z_STRVAL_P(ent->data) + Z_STRLEN_P(ent->data), decoded, Z_STRLEN_P(ent->data) + 1);
Z_STRVAL_P(ent->data)[Z_STRLEN_P(ent->data)] = '\0';
}
*opened_path = realpath;
realpath = NULL;
}
- if (realpath) {
- efree(realpath);
- }
/* fall through */
case PHP_STREAM_PERSISTENT_FAILURE:
+ if (realpath) {
+ efree(realpath);
+ }
efree(persistent_id);;
return ret;
}
r = do_fstat(self, 0);
if ((r == 0 && !S_ISREG(self->sb.st_mode))) {
+ if (opened_path) {
+ efree(*opened_path);
+ *opened_path = NULL;
+ }
php_stream_close(ret);
return NULL;
}
+----------------------------------------------------------------------+
| PHP Version 5 |
+----------------------------------------------------------------------+
- | Copyright (c) 1997-2006 The PHP Group |
+ | Copyright (c) 1997-2007 The PHP Group |
+----------------------------------------------------------------------+
| This source file is subject to version 3.01 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is |
projects / php / commitdiff