File php-CVE-2016-4537,4538.patch of Package php5.6060

Index: php-5.6.1/ext/bcmath/bcmath.c
===================================================================
--- php-5.6.1.orig/ext/bcmath/bcmath.c	2016-05-10 10:11:53.259971515 +0200
+++ php-5.6.1/ext/bcmath/bcmath.c	2016-05-10 10:14:02.191974660 +0200
@@ -201,6 +201,21 @@
 }
 /* }}} */
 
+/* {{{ split_bc_num
+   Convert to bc_num detecting scale */
+static bc_num split_bc_num(bc_num num) {
+	bc_num newnum;
+	if (num->n_refs >= 1) {
+		return num;
+	}
+	newnum = _bc_new_num_ex(0, 0, 0);
+	*newnum = *num;
+	newnum->n_refs = 1;
+	num->n_refs--;
+	return newnum;
+}
+/* }}} */
+
 /* {{{ proto string bcadd(string left_operand, string right_operand [, int scale])
    Returns the sum of two arbitrary precision numbers */
 PHP_FUNCTION(bcadd)
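Review bot: The guard `if (num->n_refs >= 1)` in split_bc_num looks true for every live number, so the copy path below it would never run. The call sites added in the later hunks (bcadd, bcsub, bcmul, bcdiv, bcpowmod, bcpow, bcsqrt) would then still write `n_scale` into a value that may be shared. If `n_refs` counts holders, as the `num->n_refs--` on the copy path suggests, the early return should be taken only for an unshared number. The copy path also needs work before it is enabled: `*newnum = *num;` is a struct assignment, so it overwrites whatever `_bc_new_num_ex(0, 0, 0)` allocated and leaves both numbers referring to the same digit storage, which presumably ends in a leak and a double free. The header comment `Convert to bc_num detecting scale` does not describe this function and should say that it returns a privately owned copy whose scale can be changed safely.

```c
static bc_num split_bc_num(bc_num num) {
	bc_num newnum;
	/* An unshared number can be modified in place. */
	if (num->n_refs <= 1) {
		return num;
	}
	/* Deep copy: the caller is about to change n_scale, and the original
	   may be a shared value. Field names as in libbcmath's bc_struct;
	   confirm against the header. */
	newnum = _bc_new_num_ex(num->n_len, num->n_scale, 0);
	newnum->n_sign = num->n_sign;
	memcpy(newnum->n_value, num->n_value, num->n_len + num->n_scale);
	num->n_refs--;
	return newnum;
}
```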
@@ -227,6 +242,7 @@
 	bc_add (first, second, &result, scale);
 	
 	if (result->n_scale > scale) {
+		result = split_bc_num(result);
 		result->n_scale = scale;
 	}
 	
@@ -266,6 +282,7 @@
 	bc_sub (first, second, &result, scale);
 
 	if (result->n_scale > scale) {
+		result = split_bc_num(result);
 		result->n_scale = scale;
 	}
 
@@ -305,6 +322,7 @@
 	bc_multiply (first, second, &result, scale TSRMLS_CC);
 
 	if (result->n_scale > scale) {
+		result = split_bc_num(result);
 		result->n_scale = scale;
 	}
 
@@ -345,6 +363,7 @@
 	switch (bc_divide(first, second, &result, scale TSRMLS_CC)) {
 		case 0: /* OK */
 			if (result->n_scale > scale) {
+				result = split_bc_num(result);
 				result->n_scale = scale;
 			}
 			Z_STRVAL_P(return_value) = bc_num2str(result);
@@ -424,8 +443,9 @@
 	scale_int = (int) ((int)scale < 0) ? 0 : scale;
 
 	if (bc_raisemod(first, second, mod, &result, scale_int TSRMLS_CC) != -1) {
-		if (result->n_scale > scale) {
-			result->n_scale = scale;
+		if (result->n_scale > scale_int) {
+			result = split_bc_num(result);
+			result->n_scale = scale_int;
 		}
 		Z_STRVAL_P(return_value) = bc_num2str(result);
 		Z_STRLEN_P(return_value) = strlen(Z_STRVAL_P(return_value));
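Review bot: A short comment at the `result->n_scale > scale_int` check would record why the clamped `scale_int` is used here and not `scale`. The line above the call clamps a negative scale to 0 and bc_raisemod is given `scale_int`, so comparing against or storing the raw `scale` could put a negative value into `n_scale`. Suggested: `/* use the clamped scale_int; the raw scale argument may be negative */`. The cast in `scale_int = (int) ((int)scale < 0) ? 0 : scale;` is a context line, but it binds to the comparison rather than to the whole conditional, so it reads as doing more than it does. The function body starts and ends outside the hunk.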
@@ -468,6 +488,7 @@
 	bc_raise (first, second, &result, scale TSRMLS_CC);
 
 	if (result->n_scale > scale) {
+		result = split_bc_num(result);
 		result->n_scale = scale;
 	}
 
@@ -504,6 +525,7 @@
 	
 	if (bc_sqrt (&result, scale TSRMLS_CC) != 0) {
 		if (result->n_scale > scale) {
+			result = split_bc_num(result);
 			result->n_scale = scale;
 		}
 		Z_STRVAL_P(return_value) = bc_num2str(result);