]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8763c60)
Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation
authorStanislav Malyshev <stas@php.net>
Thu, 4 Aug 2016 05:37:57 +0000 (22:37 -0700)
committerStanislav Malyshev <stas@php.net>
Wed, 17 Aug 2016 05:55:19 +0000 (22:55 -0700)
ext/snmp/snmp.c patch | blob | history

diff --git a/ext/snmp/snmp.c b/ext/snmp/snmp.c
index b88cdcd14c8d7c7915c0ded41646a00c994244da..d2c1b94bb8963bd1099e8df505344add54f3d5a4 100644 (file)
--- a/ext/snmp/snmp.c
+++ b/ext/snmp/snmp.c
@@ -1032,7 +1032,7 @@ static int php_snmp_parse_oid(zval *object, int st, struct objid_query *objid_qu
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Got empty OID array");
                        return FALSE;
                }
-               objid_query->vars = (snmpobjarg *)emalloc(sizeof(snmpobjarg) * zend_hash_num_elements(Z_ARRVAL_PP(oid)));
+               objid_query->vars = (snmpobjarg *)safe_emalloc(sizeof(snmpobjarg), zend_hash_num_elements(Z_ARRVAL_PP(oid)), 0);
                if (objid_query->vars == NULL) {
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "emalloc() failed while parsing oid array: %s", strerror(errno));
                        efree(objid_query->vars);
Unnamed repository; edit this file 'description' to name the repository.