From 076f4c4433bade2a400b75584864926ee47ada5f Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Mon, 13 Mar 2006 14:41:27 +0000
Subject: [PATCH] MFH: Added overflow checks to wordwrap() function.

---
 NEWS                  | 1 +
 ext/standard/string.c | 6 ++----
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index c4a4bb6442..43b178b36d 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,7 @@ PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2006, Version 4.4.3
 - Updated PCRE to version 6.6. (Andrei)
+- Added overflow checks to wordwrap() function. (Ilia)
 - Added a check for special characters in the session name. (Ilia)
 - Fixed bug #36459 (Incorrect adding PHPSESSID to links, which contains \r\n).
   (Ilia)
diff --git a/ext/standard/string.c b/ext/standard/string.c
index 6efe67f641..cd7b6b1f2b 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -672,15 +672,13 @@ PHP_FUNCTION(wordwrap)
 		/* Multiple character line break or forced cut */
 		if (linelength > 0) {
 			chk = (int)(textlen/linelength + 1);
+			newtext = safe_emalloc(chk, breakcharlen, textlen + 1);
 			alloced = textlen + chk * breakcharlen + 1;
 		} else {
 			chk = textlen;
+			newtext = safe_emalloc(textlen, (breakcharlen + 1), 1);
 			alloced = textlen * (breakcharlen + 1) + 1;
 		}
-		if (alloced <= 0) {
-			RETURN_FALSE;
-		}
-		newtext = emalloc(alloced);
 
 		/* now keep track of the actual new text length */
 		newtextlen = 0;
-- 
2.50.1