From: Ilia Alshanetsky <iliaa@php.net>
Date: Mon, 3 Dec 2007 14:11:09 +0000 (+0000)
Subject: Fixed bug #43482 (array_pad() does not warn on very small pad numbers).
X-Git-Tag: php-5.2.6RC1~272
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=32463e7af9f08315775c4cef68a725edb6c3bced;p=php

Fixed bug #43482 (array_pad() does not warn on very small pad numbers).
---

diff --git a/NEWS b/NEWS
index 1a87ce1a8d..a6ada1d824 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2008, PHP 5.2.6
+- Fixed bug #43482 (array_pad() does not warn on very small pad numbers).
+  (Ilia)
 - Fixed bug #43457 (Prepared statement with incorrect parms doens't
   throw exception with pdo_pgsql driver). (Ilia)
 - Fixed bug #43386 (array_globals not reset to 0 properly on init). (Ilia)
diff --git a/ext/standard/array.c b/ext/standard/array.c
index 9ebb8f1c29..adaefeb0ca 100644
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -2655,6 +2655,11 @@ PHP_FUNCTION(array_pad)
 	/* Do some initial calculations */
 	input_size = zend_hash_num_elements(Z_ARRVAL_PP(input));
 	pad_size_abs = abs(Z_LVAL_PP(pad_size));
+	if (pad_size_abs < 0) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "You may only pad up to 1048576 elements at a time");
+		zval_dtor(return_value);
+		RETURN_FALSE;
+	}
 	do_pad = (input_size >= pad_size_abs) ? 0 : 1;
 	
 	/* Copy the original array */