From: Nikita Popov
Date: Fri, 12 Apr 2019 09:11:53 +0000 (+0200)
Subject: Regroup expressions in php_schema.c to avoid array bounds warnings
X-Git-Tag: php-7.4.0alpha1~527
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=88bfd2ae98fb163f4b8789b0cb41f7c01eff7c3f;p=php
Regroup expressions in php_schema.c to avoid array bounds warnings
---
diff --git a/ext/soap/php_schema.c b/ext/soap/php_schema.c
index bb0f93a69a..33793704ad 100644
--- a/ext/soap/php_schema.c
+++ b/ext/soap/php_schema.c
@@ -458,7 +458,7 @@ static int schema_list(sdlPtr sdl, xmlAttrPtr tns, xmlNodePtr listType, sdlTypeP
 {
 char buf[MAX_LENGTH_OF_LONG + 1];
 char *res = zend_print_long_to_buf(buf + sizeof(buf) - 1, zend_hash_num_elements(sdl->types));
- char *str = emalloc(sizeof("anonymous") + buf + sizeof(buf) - 1 - res);
+ char *str = emalloc(sizeof("anonymous")-1 + (buf + sizeof(buf) - res));
 memcpy(str, "anonymous", sizeof("anonymous")-1);
 memcpy(str + sizeof("anonymous")-1, res, buf + sizeof(buf) - res);
@@ -555,7 +555,7 @@ static int schema_union(sdlPtr sdl, xmlAttrPtr tns, xmlNodePtr unionType, sdlTyp
 {
 char buf[MAX_LENGTH_OF_LONG + 1];
 char *res = zend_print_long_to_buf(buf + sizeof(buf) - 1, zend_hash_num_elements(sdl->types));
- char *str = emalloc(sizeof("anonymous") + buf + sizeof(buf) - 1 - res);
+ char *str = emalloc(sizeof("anonymous")-1 + (buf + sizeof(buf) - res));
 memcpy(str, "anonymous", sizeof("anonymous")-1);
 memcpy(str + sizeof("anonymous")-1, res, buf + sizeof(buf) - res);
@@ -1799,6 +1799,7 @@ static int schema_attribute(sdlPtr sdl, xmlAttrPtr tns, xmlNodePtr attrType, sdl
 smart_str_free(&key);
 } else{
 soap_error0(E_ERROR, "Parsing Schema: attribute has no 'name' nor 'ref' attributes");
+ return FALSE; /* the above call is noreturn, but not marked as such */
 }
 /* type = QName */
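Review bot: In the schema_list hunk (@@ -458) the allocation size and the length of the second memcpy are still two separately written copies of `buf + sizeof(buf) - res`, so the heap write stays in bounds only while both are edited together. Naming the length once, `size_t res_len = buf + sizeof(buf) - res;`, and using it in both `emalloc(sizeof("anonymous")-1 + res_len)` and `memcpy(str + sizeof("anonymous")-1, res, res_len)` ties the copy to the allocation. The same applies to the identical lines in the schema_union (@@ -555) and schema_attribute (@@ -1927) hunks, and three verbatim copies suggest one small static helper. The copied length presumably includes the terminating NUL written by zend_print_long_to_buf, which is not visible here, so a one-line comment stating that would help. The enclosing functions start and end outside the hunks.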
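Review bot: The added `return FALSE;` in the else branch of schema_attribute (@@ -1799) exits without releasing anything the function acquired earlier, which matters only if soap_error0(E_ERROR, ...) ever does return. The function body starts outside the hunk, so what is held at this point cannot be checked from here. The comment records why the line is unreachable but not why it is needed; something like `/* not reached: soap_error0(E_ERROR) does not return; stops the compiler analysing the fall-through path */` would say both. If the definition behind soap_error0 allows it (not visible in this diff), marking that error path noreturn would make this line unnecessary and cover the other call sites as well.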
@@ -1927,7 +1928,7 @@ static int schema_attribute(sdlPtr sdl, xmlAttrPtr tns, xmlNodePtr attrType, sdl
 {
 char buf[MAX_LENGTH_OF_LONG + 1];
 char *res = zend_print_long_to_buf(buf + sizeof(buf) - 1, zend_hash_num_elements(sdl->types));
- char *str = emalloc(sizeof("anonymous") + buf + sizeof(buf) - 1 - res);
+ char *str = emalloc(sizeof("anonymous")-1 + (buf + sizeof(buf) - res));
 memcpy(str, "anonymous", sizeof("anonymous")-1);
 memcpy(str + sizeof("anonymous")-1, res, buf + sizeof(buf) - res);