Use safe_emalloc()

diff --git a/ext/interbase/ibase_query.c b/ext/interbase/ibase_query.c
index 2db8dd0c9f95222954d47e100bc8fdc2eb966a9a..38eccfea8d9bc1a18ff2baa3a5ca83785e2fb7cd 100644 (file)
--- a/ext/interbase/ibase_query.c
+++ b/ext/interbase/ibase_query.c
@@ -1146,7 +1146,7 @@ PHP_FUNCTION(ibase_query)
                                break;
                        }
                } else if (bind_n > 0) {
-                       bind_args = (zval ***) emalloc(sizeof(zval **) * ZEND_NUM_ARGS());
+                       bind_args = (zval ***) safe_emalloc(sizeof(zval **), ZEND_NUM_ARGS(), 0);
 
                        if (FAILURE == zend_get_parameters_array_ex(ZEND_NUM_ARGS(), bind_args)) {
                                break;

diff --git a/ext/json/json.c b/ext/json/json.c
index 84d5aa056c0bd8431108e877420050239eba8e73..470a90d440d062a4a0b29ca8ff77544459555b4d 100644 (file)
--- a/ext/json/json.c
+++ b/ext/json/json.c
@@ -242,7 +242,7 @@ static void json_escape_string(smart_str *buf, char *s, int len)
         return;
     }
 
-    utf16 = (unsigned short *) emalloc(len * sizeof(unsigned short));
+    utf16 = (unsigned short *) safe_emalloc(len, sizeof(unsigned short), 0);
 
     len = utf8_to_utf16(utf16, s, len);
     if (len <= 0)
@@ -421,7 +421,7 @@ static PHP_FUNCTION(json_decode)
         RETURN_NULL();
     }
 
-    utf16 = (unsigned short *) emalloc((parameter_len+1) * sizeof(unsigned short));
+    utf16 = (unsigned short *) safe_emalloc((parameter_len+1), sizeof(unsigned short), 1);
 
     utf16_len = utf8_to_utf16(utf16, parameter, parameter_len);
     if (utf16_len <= 0)

diff --git a/ext/oci8/oci8_statement.c b/ext/oci8/oci8_statement.c
index 7cf783dda69688cba396be5bbfb7210aee167dfb..e39a65f90b08d9383b03d980a532526c7d0c2b80 100644 (file)
--- a/ext/oci8/oci8_statement.c
+++ b/ext/oci8/oci8_statement.c
@@ -1363,7 +1363,7 @@ php_oci_bind *php_oci_bind_array_helper_number(zval* var, long max_table_length
        hash = HASH_OF(var);
 
        bind = emalloc(sizeof(php_oci_bind));
-       bind->array.elements            = (ub4 *)emalloc(max_table_length * sizeof(ub4));
+       bind->array.elements            = (ub4 *)safe_emalloc(max_table_length, sizeof(ub4), 0);
        bind->array.current_length      = zend_hash_num_elements(Z_ARRVAL_P(var));
        bind->array.old_length          = bind->array.current_length;
        bind->array.max_length          = sizeof(ub4);
@@ -1399,7 +1399,7 @@ php_oci_bind *php_oci_bind_array_helper_double(zval* var, long max_table_length
        hash = HASH_OF(var);
 
        bind = emalloc(sizeof(php_oci_bind));
-       bind->array.elements            = (double *)emalloc(max_table_length * sizeof(double));
+       bind->array.elements            = (double *)safe_emalloc(max_table_length, sizeof(double), 0);
        bind->array.current_length      = zend_hash_num_elements(Z_ARRVAL_P(var));
        bind->array.old_length          = bind->array.current_length;
        bind->array.max_length          = sizeof(double);
@@ -1435,7 +1435,7 @@ php_oci_bind *php_oci_bind_array_helper_date(zval* var, long max_table_length, p
        hash = HASH_OF(var);
 
        bind = emalloc(sizeof(php_oci_bind));
-       bind->array.elements            = (OCIDate *)emalloc(max_table_length * sizeof(OCIDate));
+       bind->array.elements            = (OCIDate *)safe_emalloc(max_table_length, sizeof(OCIDate), 0);
        bind->array.current_length      = zend_hash_num_elements(Z_ARRVAL_P(var));
        bind->array.old_length          = bind->array.current_length;
        bind->array.max_length          = sizeof(OCIDate);

diff --git a/ext/pdo_dblib/dblib_driver.c b/ext/pdo_dblib/dblib_driver.c
index f8e1504a0e70dfd4e04b95b7a7d05bb76b7733b7..e315562eb1d641c27a04dac86e0a5b906232eb41 100644 (file)
--- a/ext/pdo_dblib/dblib_driver.c
+++ b/ext/pdo_dblib/dblib_driver.c
@@ -144,7 +144,7 @@ static int dblib_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, int unquote
        char *q;
        int l = 1;
 
-       *quoted = q = emalloc(2 * unquotedlen + 3);
+       *quoted = q = safe_emalloc(2, unquotedlen, 3);
        *q++ = '\'';
 
        while (unquotedlen--) {

diff --git a/ext/pdo_dblib/dblib_stmt.c b/ext/pdo_dblib/dblib_stmt.c
index d4e77fae863fdb77ddcf5a91b902374f583b810e..a8f01a5c1001d7ee0efd42dd33d7299202159046 100644 (file)
--- a/ext/pdo_dblib/dblib_stmt.c
+++ b/ext/pdo_dblib/dblib_stmt.c
@@ -131,7 +131,7 @@ static int pdo_dblib_stmt_execute(pdo_stmt_t *stmt TSRMLS_DC)
 
        arows = 100;
        size = S->ncols * sizeof(pdo_dblib_colval);
-       S->rows = emalloc(arows * size);
+       S->rows = safe_emalloc(arows, size, 0);
 
        /* let's fetch all the data */
        do {

diff --git a/ext/standard/uuencode.c b/ext/standard/uuencode.c
index 536ad4038bbbbe5dcb9a80d7c9fe33ba64cd20ce..8d04c3cf4e34d32df753b6f08a2b92beb6d3b4aa 100644 (file)
--- a/ext/standard/uuencode.c
+++ b/ext/standard/uuencode.c
@@ -71,7 +71,7 @@ PHPAPI int php_uuencode(char *src, int src_len, char **dest)
        char *p, *s, *e, *ee;
 
        /* encoded length is ~ 38% greater then the original */
-       p = *dest = emalloc((ceil(src_len * 1.38) + 45 + 1));
+       p = *dest = safe_emalloc(ceil(src_len * 1.38), 1, 46);
        s = src;
        e = src + src_len;
 
@@ -128,7 +128,7 @@ PHPAPI int php_uudecode(char *src, int src_len, char **dest)
        int len, total_len=0;
        char *s, *e, *p, *ee;
 
-       p = *dest = emalloc(ceil(src_len * 0.75) + 1);
+       p = *dest = safe_emalloc(ceil(src_len * 0.75), 1, 1);
        s = src;
        e = src + src_len;
 

diff --git a/ext/standard/var.c b/ext/standard/var.c
index 64be6260c285bcf0a71fe1aa03fc5c1eb2801a8a..718dd676d456a6885da1cb5a14cb26768e2d2297 100644 (file)
--- a/ext/standard/var.c
+++ b/ext/standard/var.c
@@ -691,7 +691,7 @@ static void php_var_serialize_intern(smart_str *buf, zval *struc, HashTable *var
                                char *s;
 
                                smart_str_appendl(buf, "d:", 2);
-                               s = (char *) emalloc(MAX_LENGTH_OF_DOUBLE + PG(serialize_precision) + 1);
+                               s = (char *) safe_emalloc(PG(serialize_precision), 1, MAX_LENGTH_OF_DOUBLE + 1);
                                php_gcvt(Z_DVAL_P(struc), PG(serialize_precision), '.', 'E', s);
                                smart_str_appends(buf, s);
                                smart_str_appendc(buf, ';');