From c89b7a48606468107adb4a83d5d39bfc6cda1d5f Mon Sep 17 00:00:00 2001
From: Xinchen Hui <laruence@gmail.com>
Date: Wed, 27 Apr 2016 12:23:51 +0800
Subject: [PATCH] Use zend_string_safe_alloc

---
 ext/gmp/gmp.c                    | 5 ++---
 ext/standard/string.c            | 2 +-
 ext/standard/var_unserializer.c  | 2 +-
 ext/standard/var_unserializer.re | 2 +-
 4 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/ext/gmp/gmp.c b/ext/gmp/gmp.c
index 56235e0c68..928ec26005 100644
--- a/ext/gmp/gmp.c
+++ b/ext/gmp/gmp.c
@@ -1144,11 +1144,10 @@ ZEND_FUNCTION(gmp_export)
 	} else {
 		size_t bits_per_word = size * 8;
 		size_t count = (mpz_sizeinbase(gmpnumber, 2) + bits_per_word - 1) / bits_per_word;
-		size_t out_len = count * size;
 
-		zend_string *out_string = zend_string_alloc(out_len, 0);
+		zend_string *out_string = zend_string_safe_alloc(count, out_len, 0, 0);
 		mpz_export(ZSTR_VAL(out_string), NULL, order, size, endian, 0, gmpnumber);
-		ZSTR_VAL(out_string)[out_len] = '\0';
+		ZSTR_VAL(out_string)[ZSTR_LEN(out_string)] = '\0';
 
 		RETURN_NEW_STR(out_string);
 	}
diff --git a/ext/standard/string.c b/ext/standard/string.c
index 7ee918c2fe..5219df915d 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -5374,7 +5374,7 @@ PHP_FUNCTION(str_pad)
 		return;
 	}
 
-	result = zend_string_safe_alloc(ZSTR_LEN(input), 1, num_pad_chars, 0);
+	result = zend_string_safe_alloc(1, ZSTR_LEN(input), num_pad_chars, 0);
 	ZSTR_LEN(result) = 0;
 
 	/* We need to figure out the left/right padding lengths. */
diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c
index 389c42b3de..3fc074dd6a 100644
--- a/ext/standard/var_unserializer.c
+++ b/ext/standard/var_unserializer.c
@@ -171,7 +171,7 @@ PHPAPI void var_destroy(php_unserialize_data_t *var_hashx)
 static zend_string *unserialize_str(const unsigned char **p, size_t len, size_t maxlen)
 {
 	size_t i, j;
-	zend_string *str = zend_string_alloc(len, 0);
+	zend_string *str = zend_string_safe_alloc(1, len, 0, 0);
 	unsigned char *end = *(unsigned char **)p+maxlen;
 
 	if (end < *p) {
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index c7e0581630..81cc26db9d 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -169,7 +169,7 @@ PHPAPI void var_destroy(php_unserialize_data_t *var_hashx)
 static zend_string *unserialize_str(const unsigned char **p, size_t len, size_t maxlen)
 {
 	size_t i, j;
-	zend_string *str = zend_string_alloc(len, 0);
+	zend_string *str = zend_string_safe_alloc(1, len, 0, 0);
 	unsigned char *end = *(unsigned char **)p+maxlen;
 
 	if (end < *p) {
-- 
2.40.0