From: Ilia Alshanetsky <iliaa@php.net>
Date: Sat, 30 Sep 2006 17:17:31 +0000 (+0000)
Subject: MFB: Added safety checks against integer overflow.
X-Git-Tag: RELEASE_1_0_0RC1~1502
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=13a9ddb9737e9a67752663f3a1ffc7f284811de7;p=php

MFB: Added safety checks against integer overflow.
---

diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c
index ca8aab1a26..c5bf1804c8 100644
--- a/Zend/zend_alloc.c
+++ b/Zend/zend_alloc.c
@@ -1730,13 +1730,12 @@ ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset)
 ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
 {
 	void *p;
-	int final_size = size*nmemb;
 
-	p = _emalloc(final_size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+	p = _safe_emalloc(nmemb, size, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
 	if (!p) {
 		return (void *) p;
 	}
-	memset(p, 0, final_size);
+	memset(p, 0, size * nmemb);
 	return p;
 }