File php-5.1.2-CVE-2007-2872.patch of Package php
--- ext/standard/string.c 2007/05/24 21:29:27 1.445.2.14.2.57
+++ ext/standard/string.c 2007/06/03 18:47:10 1.445.2.14.2.59
@@ -1956,11 +1956,20 @@
char *p, *q;
int chunks; /* complete chunks! */
int restlen;
+ float out_len;
chunks = srclen / chunklen;
restlen = srclen - chunks * chunklen; /* srclen % chunklen */
- dest = safe_emalloc((srclen + (chunks + 1) * endlen + 1), sizeof(char), 0);
+ out_len = chunks + 1;
+ out_len *= endlen;
+ out_len += srclen + 1;
+
+ if (out_len > INT_MAX || out_len <= 0) {
+ return NULL;
+ }
+
+ dest = safe_emalloc((int)out_len, sizeof(char), 0);
for (p = src, q = dest; p < (src + srclen - chunklen + 1); ) {
memcpy(q, p, chunklen);
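Review bot: The size arithmetic on the added `out_len` lines is done in `float`, which holds integers exactly only up to 2^24, so for large `srclen` or `endlen` the result can round below the true `srclen + (chunks + 1) * endlen + 1`, and `(int)out_len` then under-allocates `dest` for the copy loop that follows. The bound test has the same weakness: `INT_MAX` converts to 2147483648.0f, so a value that rounds to exactly 2^31 passes `out_len > INT_MAX` and the cast to `int` is out of range. I would keep the computation in integers and check each step before performing it, as sketched below; this assumes `srclen`, `endlen` and `chunklen` are non-negative ints, which the hunk does not show. The function starts and ends outside the hunk, so whether every caller handles the new `return NULL` cannot be confirmed from here.

```c
int out_len;
/* … unchanged: chunks / restlen computation … */
if (chunks > INT_MAX - 1) {
	return NULL;
}
out_len = chunks + 1;
if (endlen != 0 && out_len > INT_MAX / endlen) {
	return NULL;
}
out_len *= endlen;
if (out_len > INT_MAX - srclen - 1) {
	return NULL;
}
out_len += srclen + 1;

dest = safe_emalloc(out_len, sizeof(char), 0);
```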