From: Ilia Alshanetsky <iliaa@php.net>
Date: Mon, 25 Dec 2006 22:36:57 +0000 (+0000)
Subject: Allocation safety checks
X-Git-Tag: php-5.2.1RC2~70
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=52d53543ac748489d108dc6988d02f51fd69b8d6;p=php

Allocation safety checks
---

diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 2f3f3219a7..08a9948562 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -2102,7 +2102,7 @@ static void php_pgsql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, long result_type,
 					Bucket *p;
 	
 					fci.param_count = 0;
-					fci.params = emalloc(sizeof(zval*) * ht->nNumOfElements);
+					fci.params = safe_emalloc(sizeof(zval*), ht->nNumOfElements, 0);
 					p = ht->pListHead;
 					while (p != NULL) {
 						fci.params[fci.param_count++] = (zval**)p->pData;
diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c
index 0f0b281c25..5b6acdcae3 100644
--- a/ext/soap/php_encoding.c
+++ b/ext/soap/php_encoding.c
@@ -974,7 +974,7 @@ static xmlNodePtr to_xml_double(encodeTypePtr type, zval *data, int style, xmlNo
 		convert_to_double(&tmp);
 	}
 	
-	str = (char *) emalloc(MAX_LENGTH_OF_DOUBLE + EG(precision) + 1);
+	str = (char *) safe_emalloc(EG(precision), 1, MAX_LENGTH_OF_DOUBLE + 1);
 	php_gcvt(Z_DVAL(tmp), EG(precision), '.', 'E', str);
 	xmlNodeSetContentLen(ret, BAD_CAST(str), strlen(str));
 	efree(str);
diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c
index ff8548a821..e07360a498 100755
--- a/ext/spl/spl_directory.c
+++ b/ext/spl/spl_directory.c
@@ -1367,7 +1367,7 @@ static int spl_filesystem_file_read(spl_filesystem_object *intern, int silent TS
 	}
 
 	if (intern->u.file.max_line_len > 0) {
-		buf = emalloc((intern->u.file.max_line_len + 1) * sizeof(char));
+		buf = safe_emalloc((intern->u.file.max_line_len + 1), sizeof(char), 0);
 		if (php_stream_get_line(intern->u.file.stream, buf, intern->u.file.max_line_len, &line_len) == NULL) {
 			efree(buf);
 			buf = NULL;
diff --git a/ext/standard/math.c b/ext/standard/math.c
index 79a1693868..0ee6f4ff99 100644
--- a/ext/standard/math.c
+++ b/ext/standard/math.c
@@ -976,7 +976,7 @@ PHPAPI char *_php_math_number_format(double d, int dec, char dec_point, char tho
 	dec = MAX(0, dec);
 	PHP_ROUND_WITH_FUZZ(d, dec);
 
-	tmplen = spprintf(&tmpbuf, 0, "%.*f", dec, d);
+	tmplen = spprintf(&tmpbuf, 0, "%.*F", dec, d);
 
 	if (tmpbuf == NULL || !isdigit((int)tmpbuf[0])) {
 		return tmpbuf;
diff --git a/main/main.c b/main/main.c
index e56d70940e..8e6cd90fe8 100644
--- a/main/main.c
+++ b/main/main.c
@@ -100,8 +100,13 @@ PHPAPI int core_globals_id;
  */
 static PHP_INI_MH(OnSetPrecision)
 {
-	EG(precision) = atoi(new_value);
-	return SUCCESS;
+	int i = atoi(new_value);
+	if (i >= 0) {
+		EG(precision) = i;
+		return SUCCESS;
+	} else {
+		return FAILURE;
+	}
 }
 /* }}} */