PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? Jun 2007, PHP 5.2.3
+- Fixed an interger overflow inside chunk_split(), identified by Gerhard
+ Wagner (Ilia)
- Fixed bug #41525 (ReflectionParameter::getPosition() not available). (Marcus)
- Fixed bug #41511 (Compile failure under IRIX 6.5.30 building md5.c). (Jani)
- Fixed bug #41504 (json_decode() incorrectly decodes JSON arrays with empty
char *p, *q;
int chunks; /* complete chunks! */
int restlen;
+ int out_len;
chunks = srclen / chunklen;
restlen = srclen - chunks * chunklen; /* srclen % chunklen */
- dest = safe_emalloc((srclen + (chunks + 1) * endlen + 1), sizeof(char), 0);
+ out_len = (srclen + (chunks + 1) * endlen + 1);
+
+ if (out_len > INT_MAX || out_len <= 0) {
+ return NULL;
+ }
+
+ dest = safe_emalloc(out_len, sizeof(char), 0);
for (p = src, q = dest; p < (src + srclen - chunklen + 1); ) {
memcpy(q, p, chunklen);
echo chunk_split('foooooooooooooooo', 5)."\n";
echo chunk_split(str_repeat('X', 2*76))."\n";
echo chunk_split("test", 10, "|end") . "\n";
+
+$a=str_repeat("B", 65535);
+$b=1;
+$c=str_repeat("B", 65535);
+var_dump(chunk_split($a,$b,$c));
+
?>
--EXPECT--
a-b-c-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
test|end
+bool(false)
projects / php / commitdiff