[PHP-CVS] cvs: php-src /ext/standard string.c

Wed, 06 Jun 2007 13:16:40 -0700 

stas            Wed Jun  6 20:06:43 2007 UTC

  Modified files:              
    /php-src/ext/standard       string.c 
  Log:
  MF5: Fix chunk_split fix - avoid using floats
  MF5: Fix money_format - don't give strfmon more arguments then supplied
  MF5: Fix str[c]spn integer overflow
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641&diff_format=u
Index: php-src/ext/standard/string.c
diff -u php-src/ext/standard/string.c:1.640 php-src/ext/standard/string.c:1.641
--- php-src/ext/standard/string.c:1.640 Tue Jun  5 13:37:05 2007
+++ php-src/ext/standard/string.c       Wed Jun  6 20:06:43 2007
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: string.c,v 1.640 2007/06/05 13:37:05 tony2001 Exp $ */
+/* $Id: string.c,v 1.641 2007/06/06 20:06:43 stas Exp $ */
 
 /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */
 
@@ -249,10 +249,14 @@
                }
        }
 
-       if (((unsigned) start + (unsigned) len) > len1) {
+       if (len > len1 - start) {
                len = len1 - start;
        }
 
+       if(len == 0) {
+               RETURN_LONG(0);
+       }
+
        if (type1 == IS_UNICODE) {
                UChar *u_start, *u_end;
                int32_t i = 0;
@@ -3083,7 +3087,7 @@
        int chunks; /* complete chunks! */
        int restlen;
        int charsize = sizeof(char);
-       float out_len;
+       int out_len;
 
        if (str_type == IS_UNICODE) {
                charsize = sizeof(UChar);
@@ -3092,15 +3096,24 @@
        chunks = srclen / chunklen;
        restlen = srclen - chunks * chunklen; /* srclen % chunklen */
 
+       if(chunks > INT_MAX - 1) {
+               return NULL;
+       }
        out_len = chunks + 1;
+       if(endlen !=0 && out_len > INT_MAX/endlen) {
+               return NULL;
+       }
        out_len *= endlen;
+       if(out_len > INT_MAX - srclen - 1) {
+               return NULL;
+       }
        out_len += srclen + 1;
 
-       if ((out_len > INT_MAX || out_len <= 0) || ((out_len * charsize) > 
INT_MAX || (out_len * charsize) <= 0)) {
+       if (out_len > INT_MAX/charsize) {
                return NULL;
        }
 
-       dest = safe_emalloc((int)out_len, charsize, 0);
+       dest = safe_emalloc(out_len, charsize, 0);
 
        for (p = src, q = dest; p < (src + charsize * (srclen - chunklen + 1)); 
) {
                memcpy(q, p, chunklen * charsize);
@@ -7654,13 +7667,28 @@
 PHP_FUNCTION(money_format)
 {
        int format_len = 0, str_len;
-       char *format, *str;
+       char *format, *str, *p, *e;
        double value;
+       zend_bool check = 0;
 
        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sd", &format, 
&format_len, &value) == FAILURE) {
                return;
        }
 
+       p = format;
+       e = p + format_len;
+       while ((p = memchr(p, '%', (e - p)))) {
+               if (*(p + 1) == '%') {
+                       p += 2; 
+               } else if (!check) {
+                       check = 1;
+                       p++;
+               } else {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Only a 
single %%i or %%n token can be used");
+                       RETURN_FALSE;
+               }
+       }
+
        str_len = format_len + 1024;
        str = emalloc(str_len);
        if ((str_len = strfmon(str, str_len, format, value)) < 0) {

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to