From: Stanislav Malyshev Date: Thu, 4 Aug 2016 05:37:57 +0000 (-0700) Subject: Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation X-Git-Tag: php-7.1.0beta3~33^2~8^2~5 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b735a4419c1e796520b395a2aa0b6943d9157b73;p=php Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation (cherry picked from commit c3f6d6da100c6451a540680504de4105b8bed83c) Conflicts: ext/snmp/snmp.c main/php_version.h
---
diff --git a/ext/snmp/snmp.c b/ext/snmp/snmp.c
index 7b685ff5dc..63e8095ed7 100644
--- a/ext/snmp/snmp.c
+++ b/ext/snmp/snmp.c
@@ -1011,7 +1011,7 @@ static int php_snmp_parse_oid(zval *object, int st, struct objid_query *objid_qu
 php_error_docref(NULL, E_WARNING, "Got empty OID array");
 return FALSE;
 }
- objid_query->vars = (snmpobjarg *)emalloc(sizeof(snmpobjarg) * zend_hash_num_elements(Z_ARRVAL_P(oid)));
+ objid_query->vars = (snmpobjarg *)safe_emalloc(sizeof(snmpobjarg), zend_hash_num_elements(Z_ARRVAL_P(oid)), 0);
 if (objid_query->vars == NULL) {
 php_error_docref(NULL, E_WARNING, "emalloc() failed while parsing oid array: %s", strerror(errno));
 efree(objid_query->vars);
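Review bot: The `if (objid_query->vars == NULL)` branch right after the new `safe_emalloc()` call looks unreachable: as far as I know the Zend allocator raises a fatal error on both out-of-memory and size overflow rather than returning NULL, so the branch (which also calls `efree()` on a NULL pointer and still names `emalloc()` in its warning) misleads readers about how the overflow is actually handled. Consider dropping it, or at least adding `/* safe_emalloc() bails out on overflow or OOM; it does not return NULL */` above the allocation. As a style point, the arguments are in an unusual order; the conventional form is `safe_emalloc(zend_hash_num_elements(Z_ARRVAL_P(oid)), sizeof(snmpobjarg), 0)` (count, element size, offset), though the product checked is the same. The body of php_snmp_parse_oid starts and ends outside this hunk, so cleanup on the later paths is not visible here.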