From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 25 Apr 2003 21:59:58 +0000 (+0000)
Subject: emalloc -> safe_emalloc
X-Git-Tag: SPL_ALPHA~71
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ab0e80d42fea78dfbd60a959eca733eb49255096;p=php

emalloc -> safe_emalloc
Fixed possible buffer overflow in pg_lo_read()
---

diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 7105e5440d..ef0d1c4fe6 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -1968,7 +1968,7 @@ PHP_FUNCTION(pg_lo_read)
 		buf_len = Z_LVAL_PP(len);
 	}
 	
-	buf = (char *) emalloc(sizeof(char)*(buf_len+1));
+	buf = (char *) safe_emalloc(sizeof(char), (buf_len+1), 0);
 	if ((nbytes = lo_read((PGconn *)pgsql->conn, pgsql->lofd, buf, buf_len))<0) {
 		efree(buf);
 		RETURN_FALSE;
@@ -2622,7 +2622,7 @@ PHP_FUNCTION(pg_escape_string)
 		return;
 	}
 
-	to = (char *)emalloc(from_len*2+1);
+	to = (char *)safe_emalloc(from_len, 2, 1);
 	to_len = (int)PQescapeString(to, from, from_len);
 	RETURN_STRINGL(to, to_len, 0);
 }
@@ -3566,7 +3566,7 @@ PHPAPI int php_pgsql_convert(PGconn *pg_link, const char *table_name, const zval
 #if HAVE_PQESCAPE
 							{
 								char *tmp;
-	 							tmp = (char *)emalloc(Z_STRLEN_PP(val)*2+1);
+	 							tmp = (char *)safe_emalloc(Z_STRLEN_PP(val), 2, 1);
 								Z_STRLEN_P(new_val) = (int)PQescapeString(tmp, Z_STRVAL_PP(val), Z_STRLEN_PP(val));
 								Z_STRVAL_P(new_val) = tmp;
 							}