Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:rkwasny
php
php-5.1.2-emalloc-overflows.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-5.1.2-emalloc-overflows.patch of Package php
--- ext/iconv/iconv.c +++ ext/iconv/iconv.c @@ -965,7 +965,7 @@ goto out; } - buf = emalloc(max_line_len + 5); + buf = safe_emalloc(1, max_line_len, 5); char_cnt = max_line_len; --- ext/mhash/mhash.c +++ ext/mhash/mhash.c @@ -229,7 +229,7 @@ keystruct.salt = salt; keystruct.salt_size = salt_len; - ret = emalloc(bytes + 1); + ret = safe_emalloc(1, bytes, 1); if (mhash_keygen_ext(KEYGEN_S2K_SALTED, keystruct, ret, bytes, password, password_len) >= 0) { ret[bytes] = '\0'; --- ext/standard/streamsfuncs.c +++ ext/standard/streamsfuncs.c @@ -357,7 +357,7 @@ RETURN_FALSE; } - read_buf = emalloc(to_read + 1); + read_buf = safe_emalloc(1, to_read, 1); recvd = php_stream_xport_recvfrom(stream, read_buf, to_read, flags, NULL, NULL, zremote ? &Z_STRVAL_P(zremote) : NULL, --- ext/standard/string.c +++ ext/standard/string.c @@ -3647,7 +3647,7 @@ /* in brief this inserts <br /> before matched regexp \n\r?|\r\n? */ zval **zstr; char *tmp, *str; - int new_length; + size_t new_length; char *end, *target; int repl_cnt = 0; @@ -3683,7 +3683,8 @@ } new_length = Z_STRLEN_PP(zstr) + repl_cnt * (sizeof("<br />") - 1); - tmp = target = emalloc(new_length + 1); + tmp = target = safe_emalloc(repl_cnt, sizeof("<br />") - 1, + Z_STRLEN_PP(zstr) + 1); str = Z_STRVAL_PP(zstr); --- ext/sysvmsg/sysvmsg.c +++ ext/sysvmsg/sysvmsg.c @@ -312,7 +312,7 @@ ZEND_FETCH_RESOURCE(mq, sysvmsg_queue_t *, &queue, -1, "sysvmsg queue", le_sysvmsg); - messagebuffer = (struct php_msgbuf *) emalloc(sizeof(struct php_msgbuf) + maxsize); + messagebuffer = (struct php_msgbuf *) safe_emalloc(maxsize, 1, sizeof(struct php_msgbuf)); result = msgrcv(mq->id, messagebuffer, maxsize, desiredmsgtype, realflags); @@ -387,7 +387,7 @@ /* NB: php_msgbuf is 1 char bigger than a long, so there is no need to * allocate the extra byte. */ - messagebuffer = emalloc(sizeof(struct php_msgbuf) + msg_var.len); + messagebuffer = safe_emalloc(msg_var.len, 1, sizeof(struct php_msgbuf)); memcpy(messagebuffer->mtext, msg_var.c, msg_var.len + 1); message_len = msg_var.len; smart_str_free(&msg_var); @@ -413,7 +413,7 @@ RETURN_FALSE; } - messagebuffer = emalloc(sizeof(struct php_msgbuf) + message_len); + messagebuffer = safe_emalloc(message_len, 1, sizeof(struct php_msgbuf)); memcpy(messagebuffer->mtext, p, message_len + 1); if (Z_TYPE_P(message) != IS_STRING) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor