MFB: safety checks

diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 404d183bb7698c7cc2f2badb73e2daa16db194ab..0dfb5b0756d993f7e22ee11487092b11125d592f 100644 (file)
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3536,7 +3536,7 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse
                                                                exif_error_docref(NULL TSRMLS_CC, ImageInfo, E_NOTICE, "%s THUMBNAIL @0x%04X + 0x%04X", ImageInfo->Thumbnail.data ? "ignore" : "read", ImageInfo->Thumbnail.offset, ImageInfo->Thumbnail.size);
 #endif
                                                                if (!ImageInfo->Thumbnail.data) {
-                                                                       ImageInfo->Thumbnail.data = emalloc(ImageInfo->Thumbnail.size);
+                                                                       ImageInfo->Thumbnail.data = safe_emalloc(ImageInfo->Thumbnail.size, 1, 0);
                                                                        php_stream_seek(ImageInfo->infile, ImageInfo->Thumbnail.offset, SEEK_SET);
                                                                        fgot = php_stream_read(ImageInfo->infile, ImageInfo->Thumbnail.data, ImageInfo->Thumbnail.size);
                                                                        if (fgot < ImageInfo->Thumbnail.size) {
@@ -3569,7 +3569,7 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse
                                        exif_error_docref(NULL TSRMLS_CC, ImageInfo, E_NOTICE, "%s THUMBNAIL @0x%04X + 0x%04X", ImageInfo->Thumbnail.data ? "ignore" : "read", ImageInfo->Thumbnail.offset, ImageInfo->Thumbnail.size);
 #endif
                                        if (!ImageInfo->Thumbnail.data && ImageInfo->Thumbnail.offset && ImageInfo->Thumbnail.size && ImageInfo->read_thumbnail) {
-                                               ImageInfo->Thumbnail.data = emalloc(ImageInfo->Thumbnail.size);
+                                               ImageInfo->Thumbnail.data = safe_emalloc(ImageInfo->Thumbnail.size, 1, 0);
                                                php_stream_seek(ImageInfo->infile, ImageInfo->Thumbnail.offset, SEEK_SET);
                                                fgot = php_stream_read(ImageInfo->infile, ImageInfo->Thumbnail.data, ImageInfo->Thumbnail.size);
                                                if (fgot < ImageInfo->Thumbnail.size) {

diff --git a/main/main.c b/main/main.c
index d1bfd907972e4ea29859e0df14a55e731271f4d0..67cd728856c06342b52e19ab7d5a55fb976b5645 100644 (file)
--- a/main/main.c
+++ b/main/main.c
@@ -132,8 +132,13 @@ static int short_track_vars_names_length[] = {
  */
 static PHP_INI_MH(OnSetPrecision)
 {
-       EG(precision) = atoi(new_value);
-       return SUCCESS;
+       int i = atoi(new_value);
+       if (i >= 0) {
+               EG(precision) = i;
+               return SUCCESS;
+       } else {
+               return FAILURE;
+}
 }
 /* }}} */
 
@@ -312,7 +317,7 @@ PHP_INI_BEGIN()
        STD_PHP_INI_BOOLEAN("y2k_compliance",           "1",            PHP_INI_ALL,            OnUpdateBool,                   y2k_compliance,                 php_core_globals,       core_globals)
 
        STD_PHP_INI_ENTRY("unserialize_callback_func",  NULL,   PHP_INI_ALL,            OnUpdateString,                 unserialize_callback_func,      php_core_globals,       core_globals)
-       STD_PHP_INI_ENTRY("serialize_precision",        "100",  PHP_INI_ALL,            OnUpdateInt,                    serialize_precision,    php_core_globals,       core_globals)
+       STD_PHP_INI_ENTRY("serialize_precision",        "100",  PHP_INI_ALL,            OnUpdateLongGEZero,                     serialize_precision,    php_core_globals,       core_globals)
        STD_PHP_INI_ENTRY("arg_separator.output",       "&",            PHP_INI_ALL,            OnUpdateStringUnempty,  arg_separator.output,   php_core_globals,       core_globals)
        STD_PHP_INI_ENTRY("arg_separator.input",        "&",            PHP_INI_SYSTEM|PHP_INI_PERDIR,  OnUpdateStringUnempty,  arg_separator.input,    php_core_globals,       core_globals)