From ed40ae2650b2ea8bf79a40cd12b552ecc0b49ccf Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Mon, 11 Aug 2003 23:16:54 +0000
Subject: [PATCH] emalloc -> safe_emalloc

---
 ext/ereg/ereg.c                | 12 +++++------
 ext/standard/array.c           | 38 +++++++++++++++++-----------------
 ext/standard/exec.c            |  4 ++--
 ext/standard/file.c            |  6 +++---
 ext/standard/filestat.c        |  2 +-
 ext/standard/formatted_print.c |  4 ++--
 ext/standard/levenshtein.c     |  4 ++--
 ext/standard/metaphone.c       |  4 ++--
 ext/standard/pack.c            |  6 +++---
 ext/standard/reg.c             | 12 +++++------
 ext/standard/scanf.c           |  8 +++----
 ext/standard/string.c          | 16 +++++++-------
 ext/standard/url.c             |  4 ++--
 ext/standard/var.c             |  4 ++--
 ext/standard/versioning.c      |  2 +-
 15 files changed, 63 insertions(+), 63 deletions(-)

diff --git a/ext/ereg/ereg.c b/ext/ereg/ereg.c
index eafc99be12..b31c5f7d85 100644
--- a/ext/ereg/ereg.c
+++ b/ext/ereg/ereg.c
@@ -118,7 +118,7 @@ static void php_reg_eprint(int err, regex_t *re) {
 	/* get the length of the message */
 	buf_len = regerror(REG_ITOA | err, re, NULL, 0);
 	if (buf_len) {
-		buf = (char *)emalloc(buf_len * sizeof(char));
+		buf = (char *)safe_emalloc(buf_len, sizeof(char), 0);
 		if (!buf) return; /* fail silently */
 		/* finally, get the error message */
 		regerror(REG_ITOA | err, re, buf, buf_len);
@@ -130,7 +130,7 @@ static void php_reg_eprint(int err, regex_t *re) {
 	if (len) {
 		TSRMLS_FETCH();
 
-		message = (char *)emalloc((buf_len + len + 2) * sizeof(char));
+		message = (char *)safe_emalloc((buf_len + len + 2), sizeof(char), 0);
 		if (!message) {
 			return; /* fail silently */
 		}
@@ -298,7 +298,7 @@ PHPAPI char *php_reg_replace(const char *pattern, const char *replace, const cha
 	/* start with a buffer that is twice the size of the stringo
 	   we're doing replacements in */
 	buf_len = 2 * string_len + 1;
-	buf = emalloc(buf_len * sizeof(char));
+	buf = safe_emalloc(buf_len, sizeof(char), 0);
 
 	err = pos = 0;
 	buf[0] = '\0';
@@ -373,7 +373,7 @@ PHPAPI char *php_reg_replace(const char *pattern, const char *replace, const cha
 				new_l = strlen (buf) + 1;
 				if (new_l + 1 > buf_len) {
 					buf_len = 1 + buf_len + 2 * new_l;
-					nbuf = emalloc(buf_len * sizeof(char));
+					nbuf = safe_emalloc(buf_len, sizeof(char), 0);
 					strcpy(nbuf, buf);
 					efree(buf);
 					buf = nbuf;
@@ -388,7 +388,7 @@ PHPAPI char *php_reg_replace(const char *pattern, const char *replace, const cha
 			new_l = strlen(buf) + strlen(&string[pos]);
 			if (new_l + 1 > buf_len) {
 				buf_len = new_l + 1; /* now we know exactly how long it is */
-				nbuf = emalloc(buf_len * sizeof(char));
+				nbuf = safe_emalloc(buf_len, sizeof(char), 0);
 				strcpy(nbuf, buf);
 				efree(buf);
 				buf = nbuf;
@@ -607,7 +607,7 @@ PHPAPI PHP_FUNCTION(sql_regcase)
 	}	
 	convert_to_string_ex(string);
 	
-	tmp = emalloc((Z_STRLEN_PP(string) * 4) + 1);
+	tmp = safe_emalloc(Z_STRLEN_PP(string), 4, 1);
 	
 	for (i = j = 0; i < Z_STRLEN_PP(string); i++) {
 		c = (unsigned char) Z_STRVAL_PP(string)[i];
diff --git a/ext/standard/array.c b/ext/standard/array.c
index 0bcbc782e1..335b4d54a2 100644
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -880,7 +880,7 @@ PHP_FUNCTION(min)
 			RETURN_FALSE;
 		}
 	} else {
-		pval ***args = (pval ***) emalloc(sizeof(pval **)*ZEND_NUM_ARGS());
+		pval ***args = (pval ***) safe_emalloc(sizeof(pval **), ZEND_NUM_ARGS(), 0);
 		pval **min, result;
 		int i;
 
@@ -932,7 +932,7 @@ PHP_FUNCTION(max)
 			RETURN_FALSE;
 		}
 	} else {
-		pval ***args = (pval ***) emalloc(sizeof(pval **)*ZEND_NUM_ARGS());
+		pval ***args = (pval ***) safe_emalloc(sizeof(pval **), ZEND_NUM_ARGS(), 0);
 		pval **max, result;
 		int i;
 
@@ -1419,7 +1419,7 @@ PHP_FUNCTION(compact)
 	zval ***args;			/* function arguments array */
 	int i;
 	
-	args = (zval ***)emalloc(ZEND_NUM_ARGS() * sizeof(zval **));
+	args = (zval ***)safe_emalloc(ZEND_NUM_ARGS(), sizeof(zval **), 0);
 	
 	if (zend_get_parameters_array_ex(ZEND_NUM_ARGS(), args) == FAILURE) {
 		efree(args);
@@ -1643,7 +1643,7 @@ static void array_data_shuffle(zval *array TSRMLS_DC)
 		return;
 	}
 
-	elems = (Bucket **)emalloc(n_elems * sizeof(Bucket *));
+	elems = (Bucket **)safe_emalloc(n_elems, sizeof(Bucket *), 0);
 	hash = Z_ARRVAL_P(array);
 	n_left = n_elems;
 
@@ -1818,7 +1818,7 @@ PHP_FUNCTION(array_push)
 	}
 	
 	/* Allocate arguments array and get the arguments, checking for errors. */
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
@@ -1947,7 +1947,7 @@ PHP_FUNCTION(array_unshift)
 	}
 	
 	/* Allocate arguments array and get the arguments, checking for errors. */
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
@@ -1997,7 +1997,7 @@ PHP_FUNCTION(array_splice)
 	}
 	
 	/* Allocate arguments array and get the arguments, checking for errors. */
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
@@ -2026,7 +2026,7 @@ PHP_FUNCTION(array_splice)
 		
 		/* Create the array of replacement elements */
 		repl_num = zend_hash_num_elements(Z_ARRVAL_PP(args[3]));
-		repl = (zval ***)emalloc(repl_num * sizeof(zval **));
+		repl = (zval ***)safe_emalloc(repl_num, sizeof(zval **), 0);
 		for (p=Z_ARRVAL_PP(args[3])->pListHead, i=0; p; p=p->pListNext, i++) {
 			repl[i] = ((zval **)p->pData);
 		}
@@ -2204,7 +2204,7 @@ static void php_array_merge_wrapper(INTERNAL_FUNCTION_PARAMETERS, int recursive)
 	}
 	
 	/* Allocate arguments array and get the arguments, checking for errors. */
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
@@ -2503,7 +2503,7 @@ PHP_FUNCTION(array_pad)
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "You may only pad up to 1048576 elements at a time");
 		RETURN_FALSE;
 	}
-	pads = (zval ***)emalloc(num_pads * sizeof(zval **));
+	pads = (zval ***)safe_emalloc(num_pads, sizeof(zval **), 0);
 	for (i = 0; i < num_pads; i++) {
 		pads[i] = pad_value;
 	}
@@ -2711,14 +2711,14 @@ static void php_array_intersect(INTERNAL_FUNCTION_PARAMETERS, int behavior)
 		WRONG_PARAM_COUNT;
 	}
 	/* Allocate arguments array and get the arguments, checking for errors. */
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
 	}
 	/* for each argument, create and sort list with pointers to the hash buckets */
-	lists = (Bucket ***)emalloc(argc * sizeof(Bucket **));
-	ptrs = (Bucket ***)emalloc(argc * sizeof(Bucket **));
+	lists = (Bucket ***)safe_emalloc(argc, sizeof(Bucket **), 0);
+	ptrs = (Bucket ***)safe_emalloc(argc, sizeof(Bucket **), 0);
 	set_compare_func(SORT_STRING TSRMLS_CC);
 	for (i=0; i<argc; i++) {
 		if (Z_TYPE_PP(args[i]) != IS_ARRAY) {
@@ -2868,14 +2868,14 @@ static void php_array_diff(INTERNAL_FUNCTION_PARAMETERS, int behavior)
 		WRONG_PARAM_COUNT;
 	}
 	/* Allocate arguments array and get the arguments, checking for errors. */
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
 	}
 	/* for each argument, create and sort list with pointers to the hash buckets */
-	lists = (Bucket ***)emalloc(argc * sizeof(Bucket **));
-	ptrs = (Bucket ***)emalloc(argc * sizeof(Bucket **));
+	lists = (Bucket ***)safe_emalloc(argc, sizeof(Bucket **), 0);
+	ptrs = (Bucket ***)safe_emalloc(argc, sizeof(Bucket **), 0);
 	set_compare_func(SORT_STRING TSRMLS_CC);
 	for (i = 0; i < argc; i++) {
 		if (Z_TYPE_PP(args[i]) != IS_ARRAY) {
@@ -3061,7 +3061,7 @@ PHP_FUNCTION(array_multisort)
 	}
 	
 	/* Allocate arguments array and get the arguments, checking for errors. */
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
@@ -3163,9 +3163,9 @@ PHP_FUNCTION(array_multisort)
 	 * of the input arrays + 1. The last column is NULL to indicate the end
 	 * of the row.
 	 */
-	indirect = (Bucket ***)emalloc(array_size * sizeof(Bucket **));
+	indirect = (Bucket ***)safe_emalloc(array_size, sizeof(Bucket **), 0);
 	for (i = 0; i < array_size; i++)
-		indirect[i] = (Bucket **)emalloc((num_arrays+1) * sizeof(Bucket *));
+		indirect[i] = (Bucket **)safe_emalloc((num_arrays+1), sizeof(Bucket *), 0);
 	
 	for (i = 0; i < num_arrays; i++) {
 		k = 0;
diff --git a/ext/standard/exec.c b/ext/standard/exec.c
index eda62caf1c..671f6ffd14 100644
--- a/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@ -263,7 +263,7 @@ char *php_escape_shell_cmd(char *str) {
 	char *p = NULL;
 
 	l = strlen(str);
-	cmd = emalloc(2 * l + 1);
+	cmd = safe_emalloc(2, l, 1);
 	
 	for (x = 0, y = 0; x < l; x++) {
 		switch (str[x]) {
@@ -320,7 +320,7 @@ char *php_escape_shell_arg(char *str) {
 	y = 0;
 	l = strlen(str);
 	
-	cmd = emalloc(4 * l + 3); /* worst case */
+	cmd = safe_emalloc(4, l, 3); /* worst case */
 	
 	cmd[y++] = '\'';
 	
diff --git a/ext/standard/file.c b/ext/standard/file.c
index 6b5c9a30ba..b59c79a802 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -953,7 +953,7 @@ PHPAPI PHP_FUNCTION(fgetc)
 
 	php_stream_from_zval(stream, arg1);
 
-	buf = emalloc(2 * sizeof(char));
+	buf = safe_emalloc(2, sizeof(char), 0);
 
 	result = php_stream_getc(stream);
 
@@ -1019,7 +1019,7 @@ PHPAPI PHP_FUNCTION(fgetss)
 		}
 
 		len = (size_t) Z_LVAL_PP(bytes);
-		buf = emalloc(sizeof(char) * (len + 1));
+		buf = safe_emalloc(sizeof(char), (len + 1), 0);
 		/*needed because recv doesnt set null char at end*/
 		memset(buf, 0, len + 1);
 	}
@@ -1055,7 +1055,7 @@ PHP_FUNCTION(fscanf)
 	if (argCount < 2) {
 		WRONG_PARAM_COUNT;
 	}
-	args = (zval ***)emalloc(argCount * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argCount, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argCount, args) == FAILURE) {
 		efree( args );
 		WRONG_PARAM_COUNT;
diff --git a/ext/standard/filestat.c b/ext/standard/filestat.c
index 6f83dc09a3..184bf7c974 100644
--- a/ext/standard/filestat.c
+++ b/ext/standard/filestat.c
@@ -644,7 +644,7 @@ static void php_stat(const char *filename, php_stat_len filename_length, int typ
 
 			groups = getgroups(0, NULL);
 			if(groups) {
-				gids=(gid_t *)emalloc(groups*sizeof(gid_t));
+				gids=(gid_t *)safe_emalloc(groups, sizeof(gid_t), 0);
 				n=getgroups(groups, gids);
 				for(i=0;i<n;i++){
 					if(BG(sb).st_gid==gids[i]) {
diff --git a/ext/standard/formatted_print.c b/ext/standard/formatted_print.c
index 83594a8400..4d141afc45 100644
--- a/ext/standard/formatted_print.c
+++ b/ext/standard/formatted_print.c
@@ -471,7 +471,7 @@ php_formatted_print(int ht, int *len, int use_array, int format_offset TSRMLS_DC
 			|| (!use_array && argc < (1 + format_offset))) {
 		WRONG_PARAM_COUNT_WITH_RETVAL(NULL);
 	}
-	args = (zval ***)emalloc(argc * sizeof(zval *));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval *), 0);
 
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
@@ -490,7 +490,7 @@ php_formatted_print(int ht, int *len, int use_array, int format_offset TSRMLS_DC
 		convert_to_array_ex(array);
 		
 		argc = 1 + zend_hash_num_elements(Z_ARRVAL_PP(array));
-		newargs = (zval ***)emalloc(argc * sizeof(zval *));
+		newargs = (zval ***)safe_emalloc(argc, sizeof(zval *), 0);
 		newargs[0] = z_format;
 		
 		for (zend_hash_internal_pointer_reset(Z_ARRVAL_PP(array));
diff --git a/ext/standard/levenshtein.c b/ext/standard/levenshtein.c
index 1d447ef745..bf99059b7f 100644
--- a/ext/standard/levenshtein.c
+++ b/ext/standard/levenshtein.c
@@ -40,10 +40,10 @@ static int reference_levdist(const char *s1, int l1,
 	if((l1>LEVENSHTEIN_MAX_LENTH)||(l2>LEVENSHTEIN_MAX_LENTH))
 		return -1;
 
-	if(!(p1=emalloc((l2+1)*sizeof(int)))) {
+	if(!(p1=safe_emalloc((l2+1), sizeof(int), 0))) {
 		return -2;
 	}
-	if(!(p2=emalloc((l2+1)*sizeof(int)))) {
+	if(!(p2=safe_emalloc((l2+1), sizeof(int), 0))) {
 		free(p1);
 		return -2;
 	}
diff --git a/ext/standard/metaphone.c b/ext/standard/metaphone.c
index db985c282e..829164350e 100644
--- a/ext/standard/metaphone.c
+++ b/ext/standard/metaphone.c
@@ -183,10 +183,10 @@ static int metaphone(char *word, int word_len, int max_phonemes, char **phoned_w
 /*-- Allocate memory for our phoned_phrase --*/
 	if (max_phonemes == 0) {	/* Assume largest possible */
 		max_buffer_len = word_len;
-		*phoned_word = emalloc(sizeof(char) * word_len + 1);
+		*phoned_word = safe_emalloc(sizeof(char), word_len, 1);
 	} else {
 		max_buffer_len = max_phonemes;
-		*phoned_word = emalloc(sizeof(char) * max_phonemes + 1);
+		*phoned_word = safe_emalloc(sizeof(char), max_phonemes, 1);
 	}
 
 
diff --git a/ext/standard/pack.c b/ext/standard/pack.c
index 8a5a97678a..5678ecbbf8 100644
--- a/ext/standard/pack.c
+++ b/ext/standard/pack.c
@@ -120,7 +120,7 @@ PHP_FUNCTION(pack)
 		WRONG_PARAM_COUNT;
 	}
 
-	argv = emalloc(argc * sizeof(zval **));
+	argv = safe_emalloc(argc, sizeof(zval **), 0);
 
 	if (zend_get_parameters_array_ex(argc, argv) == FAILURE) {
 		efree(argv);
@@ -132,8 +132,8 @@ PHP_FUNCTION(pack)
 	formatlen = Z_STRLEN_PP(argv[0]);
 
 	/* We have a maximum of <formatlen> format codes to deal with */
-	formatcodes = emalloc(formatlen * sizeof(*formatcodes));
-	formatargs = emalloc(formatlen * sizeof(*formatargs));
+	formatcodes = safe_emalloc(formatlen, sizeof(*formatcodes), 0);
+	formatargs = safe_emalloc(formatlen, sizeof(*formatargs), 0);
 	currentarg = 1;
 
 	/* Preprocess format into formatcodes and formatargs */
diff --git a/ext/standard/reg.c b/ext/standard/reg.c
index eafc99be12..b31c5f7d85 100644
--- a/ext/standard/reg.c
+++ b/ext/standard/reg.c
@@ -118,7 +118,7 @@ static void php_reg_eprint(int err, regex_t *re) {
 	/* get the length of the message */
 	buf_len = regerror(REG_ITOA | err, re, NULL, 0);
 	if (buf_len) {
-		buf = (char *)emalloc(buf_len * sizeof(char));
+		buf = (char *)safe_emalloc(buf_len, sizeof(char), 0);
 		if (!buf) return; /* fail silently */
 		/* finally, get the error message */
 		regerror(REG_ITOA | err, re, buf, buf_len);
@@ -130,7 +130,7 @@ static void php_reg_eprint(int err, regex_t *re) {
 	if (len) {
 		TSRMLS_FETCH();
 
-		message = (char *)emalloc((buf_len + len + 2) * sizeof(char));
+		message = (char *)safe_emalloc((buf_len + len + 2), sizeof(char), 0);
 		if (!message) {
 			return; /* fail silently */
 		}
@@ -298,7 +298,7 @@ PHPAPI char *php_reg_replace(const char *pattern, const char *replace, const cha
 	/* start with a buffer that is twice the size of the stringo
 	   we're doing replacements in */
 	buf_len = 2 * string_len + 1;
-	buf = emalloc(buf_len * sizeof(char));
+	buf = safe_emalloc(buf_len, sizeof(char), 0);
 
 	err = pos = 0;
 	buf[0] = '\0';
@@ -373,7 +373,7 @@ PHPAPI char *php_reg_replace(const char *pattern, const char *replace, const cha
 				new_l = strlen (buf) + 1;
 				if (new_l + 1 > buf_len) {
 					buf_len = 1 + buf_len + 2 * new_l;
-					nbuf = emalloc(buf_len * sizeof(char));
+					nbuf = safe_emalloc(buf_len, sizeof(char), 0);
 					strcpy(nbuf, buf);
 					efree(buf);
 					buf = nbuf;
@@ -388,7 +388,7 @@ PHPAPI char *php_reg_replace(const char *pattern, const char *replace, const cha
 			new_l = strlen(buf) + strlen(&string[pos]);
 			if (new_l + 1 > buf_len) {
 				buf_len = new_l + 1; /* now we know exactly how long it is */
-				nbuf = emalloc(buf_len * sizeof(char));
+				nbuf = safe_emalloc(buf_len, sizeof(char), 0);
 				strcpy(nbuf, buf);
 				efree(buf);
 				buf = nbuf;
@@ -607,7 +607,7 @@ PHPAPI PHP_FUNCTION(sql_regcase)
 	}	
 	convert_to_string_ex(string);
 	
-	tmp = emalloc((Z_STRLEN_PP(string) * 4) + 1);
+	tmp = safe_emalloc(Z_STRLEN_PP(string), 4, 1);
 	
 	for (i = j = 0; i < Z_STRLEN_PP(string); i++) {
 		c = (unsigned char) Z_STRVAL_PP(string)[i];
diff --git a/ext/standard/scanf.c b/ext/standard/scanf.c
index a30f267135..832272134e 100644
--- a/ext/standard/scanf.c
+++ b/ext/standard/scanf.c
@@ -175,9 +175,9 @@ static char * BuildCharSet(CharSet *cset, char *format)
 		ch = end++;
 	}
 
-	cset->chars = (char *) emalloc(sizeof(char) * (end - format - 1));
+	cset->chars = (char *) safe_emalloc(sizeof(char), (end - format - 1), 0);
 	if (nranges > 0) {
-		cset->ranges = (struct Range *) emalloc(sizeof(struct Range)*nranges);
+		cset->ranges = (struct Range *) safe_emalloc(sizeof(struct Range), nranges, 0);
 	} else {
 		cset->ranges = NULL;
 	}
@@ -337,7 +337,7 @@ PHPAPI int ValidateFormat(char *format, int numVars, int *totalSubs)
 	 */
 
 	if (numVars > nspace) {
-		nassign = (int*)emalloc(sizeof(int) * numVars);
+		nassign = (int*)safe_emalloc(sizeof(int), numVars, 0);
 		nspace = numVars;
 	}
 	for (i = 0; i < nspace; i++) {
@@ -513,7 +513,7 @@ PHPAPI int ValidateFormat(char *format, int numVars, int *totalSubs)
 					nspace += STATIC_LIST_SIZE;
 				}
 				if (nassign == staticAssign) {
-					nassign = (void *)emalloc(nspace * sizeof(int));
+					nassign = (void *)safe_emalloc(nspace, sizeof(int), 0);
 					for (i = 0; i < STATIC_LIST_SIZE; ++i) {
 						nassign[i] = staticAssign[i];
 					}
diff --git a/ext/standard/string.c b/ext/standard/string.c
index c8fc17afef..ae1f71c364 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -118,7 +118,7 @@ static char *php_bin2hex(const unsigned char *old, const size_t oldlen, size_t *
 	register unsigned char *result = NULL;
 	size_t i, j;
 
-	result = (char *) emalloc(oldlen * 2 * sizeof(char) + 1);
+	result = (char *) safe_emalloc(oldlen * 2, sizeof(char), 1);
 	
 	for (i = j = 0; i < oldlen; i++) {
 		result[j++] = hexconvtab[old[i] >> 4];
@@ -1707,7 +1707,7 @@ static char *php_chunk_split(char *src, int srclen, char *end, int endlen, int c
 	chunks = srclen / chunklen;
 	restlen = srclen - chunks * chunklen; /* srclen % chunklen */
 
-	dest = emalloc((srclen + (chunks + 1) * endlen + 1) * sizeof(char));
+	dest = safe_emalloc((srclen + (chunks + 1) * endlen + 1), sizeof(char), 0);
 
 	for (p = src, q = dest; p < (src + srclen - chunklen + 1); ) {
 		memcpy(q, p, chunklen);
@@ -2100,7 +2100,7 @@ PHP_FUNCTION(quotemeta)
 		RETURN_FALSE;
 	}
 	
-	str = emalloc(2 * Z_STRLEN_PP(arg) + 1);
+	str = safe_emalloc(2, Z_STRLEN_PP(arg), 1);
 	
 	for (p = old, q = str; p != old_end; p++) {
 		c = *p;
@@ -2727,7 +2727,7 @@ PHPAPI void php_stripcslashes(char *str, int *len)
 PHPAPI char *php_addcslashes(char *str, int length, int *new_length, int should_free, char *what, int wlength TSRMLS_DC)
 {
 	char flags[256];
-	char *new_str = emalloc((length?length:(length=strlen(str)))*4+1); 
+	char *new_str = safe_emalloc(4, (length?length:(length=strlen(str))), 1);
 	char *source, *target;
 	char *end;
 	char c;
@@ -2795,7 +2795,7 @@ PHPAPI char *php_addslashes(char *str, int length, int *new_length, int should_f
 		*new_length = 0;
 		return str;
 	}
-	new_str = (char *) emalloc((length ? length : (length = strlen(str))) * 2 + 1);
+	new_str = (char *) safe_emalloc(2, (length ? length : (length = strlen(str))), 1);
 	source = str;
 	end = source + length;
 	target = new_str;
@@ -2948,7 +2948,7 @@ PHPAPI char *php_str_to_str_ex(char *haystack, int length,
 			if (str_len < needle_len) {
 				new_str = emalloc(length + 1);
 			} else {
-				new_str = emalloc((length / needle_len + 1) * str_len);
+				new_str = safe_emalloc((length / needle_len + 1), str_len, 0);
 			}
 
 			e = s = new_str;
@@ -3553,7 +3553,7 @@ PHP_FUNCTION(strip_tags)
    Set locale information */
 PHP_FUNCTION(setlocale)
 {
-	pval ***args = (pval ***) emalloc(sizeof(pval **)*ZEND_NUM_ARGS());
+	pval ***args = (pval ***) safe_emalloc(sizeof(pval **), ZEND_NUM_ARGS(), 0);
 	zval **pcategory, **plocale;
 	int i, cat, n_args=ZEND_NUM_ARGS();
 	char *loc, *retval;
@@ -4409,7 +4409,7 @@ PHP_FUNCTION(sscanf)
 		WRONG_PARAM_COUNT;
 	}
 
-	args = (zval ***) emalloc(argc * sizeof(zval **));
+	args = (zval ***) safe_emalloc(argc, sizeof(zval **), 0);
 	if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
diff --git a/ext/standard/url.c b/ext/standard/url.c
index 541530c074..3da9f66d94 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -369,7 +369,7 @@ PHPAPI char *php_url_encode(char *s, int len, int *new_length)
 	
 	from = s;
 	end = s + len;
-	start = to = (unsigned char *) emalloc(3 * len + 1);
+	start = to = (unsigned char *) safe_emalloc(3, len, 1);
 
 	while (from < end) {
 		c = *from++;
@@ -476,7 +476,7 @@ PHPAPI char *php_raw_url_encode(char *s, int len, int *new_length)
 	register int x, y;
 	unsigned char *str;
 
-	str = (unsigned char *) emalloc(3 * len + 1);
+	str = (unsigned char *) safe_emalloc(3, len, 1);
 	for (x = 0, y = 0; len--; x++, y++) {
 		str[y] = (unsigned char) s[x];
 #ifndef CHARSET_EBCDIC
diff --git a/ext/standard/var.c b/ext/standard/var.c
index eac33b05d3..a2fcdb4755 100644
--- a/ext/standard/var.c
+++ b/ext/standard/var.c
@@ -141,7 +141,7 @@ PHP_FUNCTION(var_dump)
 	
 	argc = ZEND_NUM_ARGS();
 	
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (ZEND_NUM_ARGS() == 0 || zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
@@ -245,7 +245,7 @@ PHP_FUNCTION(debug_zval_dump)
 	
 	argc = ZEND_NUM_ARGS();
 	
-	args = (zval ***)emalloc(argc * sizeof(zval **));
+	args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
 	if (ZEND_NUM_ARGS() == 0 || zend_get_parameters_array_ex(argc, args) == FAILURE) {
 		efree(args);
 		WRONG_PARAM_COUNT;
diff --git a/ext/standard/versioning.c b/ext/standard/versioning.c
index 6a259dc035..70c04dab05 100644
--- a/ext/standard/versioning.c
+++ b/ext/standard/versioning.c
@@ -34,7 +34,7 @@ PHPAPI char *
 php_canonicalize_version(const char *version)
 {
     int len = strlen(version);
-    char *buf = emalloc(len * 2 + 1), *q, lp, lq;
+    char *buf = safe_emalloc(len, 2, 1), *q, lp, lq;
     const char *p;
 
     if (len == 0) {
-- 
2.40.0