Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation
authorStanislav Malyshev <stas@php.net>
Thu, 4 Aug 2016 05:37:57 +0000 (22:37 -0700)
committerAnatol Belski <ab@php.net>
Tue, 16 Aug 2016 12:22:10 +0000 (14:22 +0200)
(cherry picked from commit c3f6d6da100c6451a540680504de4105b8bed83c)

Conflicts:
ext/snmp/snmp.c
main/php_version.h

ext/snmp/snmp.c

index 7b685ff5dcc9b057c416ca4e980175552b73a880..63e8095ed7cebdfe78a1a8f1cef1c699b33ebab7 100644 (file)
@@ -1011,7 +1011,7 @@ static int php_snmp_parse_oid(zval *object, int st, struct objid_query *objid_qu
                        php_error_docref(NULL, E_WARNING, "Got empty OID array");
                        return FALSE;
                }
-               objid_query->vars = (snmpobjarg *)emalloc(sizeof(snmpobjarg) * zend_hash_num_elements(Z_ARRVAL_P(oid)));
+               objid_query->vars = (snmpobjarg *)safe_emalloc(sizeof(snmpobjarg), zend_hash_num_elements(Z_ARRVAL_P(oid)), 0);
                if (objid_query->vars == NULL) {
                        php_error_docref(NULL, E_WARNING, "emalloc() failed while parsing oid array: %s", strerror(errno));
                        efree(objid_query->vars);
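Review bot: The arguments to `safe_emalloc` on the added line are in the reverse of the helper's (nmemb, size, offset) order; the product is the same, but `safe_emalloc(zend_hash_num_elements(Z_ARRVAL_P(oid)), sizeof(snmpobjarg), 0)` reads the way the helper is declared and is easier to audit. The `if (objid_query->vars == NULL)` branch right after it looks unreachable now, since as far as I know safe_emalloc raises a fatal error on overflow or exhaustion instead of returning NULL, and the branch's message still names emalloc() and hands the NULL pointer to efree. A comment such as `/* safe_emalloc bails out on overflow; it never returns NULL */` would record that, or the branch could be dropped in a follow-up. php_snmp_parse_oid starts and ends outside this hunk, so the remainder of that branch is not visible here.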