iliaa Tue Dec 26 17:40:20 2006 UTC Modified files: /ZendEngine2 zend_ini.c zend_ini.h /php-src/ext/exif exif.c /php-src/ext/interbase ibase_query.c /php-src/ext/json json.c /php-src/ext/pdo_dblib dblib_driver.c dblib_stmt.c /php-src/ext/pgsql pgsql.c /php-src/ext/soap php_encoding.c /php-src/ext/spl spl_directory.c /php-src/ext/standard uuencode.c var.c /php-src/main main.c Log: MFB: safety checks
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?r1=1.50&r2=1.51&diff_format=u Index: ZendEngine2/zend_ini.c diff -u ZendEngine2/zend_ini.c:1.50 ZendEngine2/zend_ini.c:1.51 --- ZendEngine2/zend_ini.c:1.50 Fri Dec 22 21:38:12 2006 +++ ZendEngine2/zend_ini.c Tue Dec 26 17:40:20 2006 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_ini.c,v 1.50 2006/12/22 21:38:12 andrei Exp $ */ +/* $Id: zend_ini.c,v 1.51 2006/12/26 17:40:20 iliaa Exp $ */ #include "zend.h" #include "zend_qsort.h" @@ -530,6 +530,28 @@ *p = zend_atoi(new_value, new_value_length); return SUCCESS; } +ZEND_API ZEND_INI_MH(OnUpdateLongGEZero) +{ + long *p, tmp; +#ifndef ZTS + char *base = (char *) mh_arg2; +#else + char *base; + + base = (char *) ts_resource(*((int *) mh_arg2)); +#endif + + tmp = zend_atoi(new_value, new_value_length); + if (tmp < 0) { + return FAILURE; + } + + p = (long *) (base+(size_t) mh_arg1); + *p = tmp; + + return SUCCESS; +} + ZEND_API ZEND_INI_MH(OnUpdateReal) http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.h?r1=1.38&r2=1.39&diff_format=u Index: ZendEngine2/zend_ini.h diff -u ZendEngine2/zend_ini.h:1.38 ZendEngine2/zend_ini.h:1.39 --- ZendEngine2/zend_ini.h:1.38 Fri Dec 22 21:38:12 2006 +++ ZendEngine2/zend_ini.h Tue Dec 26 17:40:20 2006 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_ini.h,v 1.38 2006/12/22 21:38:12 andrei Exp $ */ +/* $Id: zend_ini.h,v 1.39 2006/12/26 17:40:20 iliaa Exp $ */ #ifndef ZEND_INI_H #define ZEND_INI_H 
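Review bot: OnUpdateLongGEZero rejects only `tmp < 0`, so any larger value is stored unchanged. In this same commit serialize_precision then becomes the first operand of `safe_emalloc(PG(serialize_precision), 1, MAX_LENGTH_OF_DOUBLE + 1)` in var.c. That keeps the size arithmetic from wrapping, but an extreme setting still turns into a very large allocation request wherever that buffer is built. The handler also has no comment stating its contract; I would add `/* Like OnUpdateLong, but fails for values below zero; no upper bound is enforced. */` above it. It is also worth deciding whether an upper limit belongs in this handler or in the entries that use it.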
@@ -175,6 +175,7 @@ BEGIN_EXTERN_C() ZEND_API ZEND_INI_MH(OnUpdateBool); ZEND_API ZEND_INI_MH(OnUpdateLong); +ZEND_API ZEND_INI_MH(OnUpdateLongGEZero); ZEND_API ZEND_INI_MH(OnUpdateReal); ZEND_API ZEND_INI_MH(OnUpdateString); ZEND_API ZEND_INI_MH(OnUpdateStringUnempty); http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.186&r2=1.187&diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.186 php-src/ext/exif/exif.c:1.187 --- php-src/ext/exif/exif.c:1.186 Mon Dec 25 16:49:04 2006 +++ php-src/ext/exif/exif.c Tue Dec 26 17:40:20 2006 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: exif.c,v 1.186 2006/12/25 16:49:04 iliaa Exp $ */ +/* $Id: exif.c,v 1.187 2006/12/26 17:40:20 iliaa Exp $ */ /* ToDos * @@ -139,7 +139,7 @@ }; /* }}} */ -#define EXIF_VERSION "1.4 $Id: exif.c,v 1.186 2006/12/25 16:49:04 iliaa Exp $" +#define EXIF_VERSION "1.4 $Id: exif.c,v 1.187 2006/12/26 17:40:20 iliaa Exp $" /* {{{ PHP_MINFO_FUNCTION */ @@ -3569,7 +3569,7 @@ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "%s THUMBNAIL @0x%04X + 0x%04X", ImageInfo->Thumbnail.data ? "Ignore" : "Read", ImageInfo->Thumbnail.offset, ImageInfo->Thumbnail.size); #endif if (!ImageInfo->Thumbnail.data) { - ImageInfo->Thumbnail.data = emalloc(ImageInfo->Thumbnail.size); + ImageInfo->Thumbnail.data = safe_emalloc(ImageInfo->Thumbnail.size, 1, 0); php_stream_seek(ImageInfo->infile, ImageInfo->Thumbnail.offset, SEEK_SET); fgot = php_stream_read(ImageInfo->infile, ImageInfo->Thumbnail.data, ImageInfo->Thumbnail.size); if (fgot < ImageInfo->Thumbnail.size) { 
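Review bot: `safe_emalloc(ImageInfo->Thumbnail.size, 1, 0)` in the hunk at -3569 evaluates size*1+0, which cannot overflow, so it rejects nothing that `emalloc(ImageInfo->Thumbnail.size)` accepted. The size and offset are presumably taken from the image being parsed, and the only validation visible here is the short-read test on `fgot`, which runs after the buffer has been allocated. A bound checked before the allocation would be the effective guard; at minimum add a comment such as `/* Thumbnail.size is file-controlled; safe_emalloc(n, 1, 0) does not bound it */`. The same applies to the hunk at -3602, and the enclosing function starts and ends outside both hunks.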
@@ -3602,7 +3602,7 @@ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "%s THUMBNAIL @0x%04X + 0x%04X", ImageInfo->Thumbnail.data ? "Ignore" : "Read", ImageInfo->Thumbnail.offset, ImageInfo->Thumbnail.size); #endif if (!ImageInfo->Thumbnail.data && ImageInfo->Thumbnail.offset && ImageInfo->Thumbnail.size && ImageInfo->read_thumbnail) { - ImageInfo->Thumbnail.data = emalloc(ImageInfo->Thumbnail.size); + ImageInfo->Thumbnail.data = safe_emalloc(ImageInfo->Thumbnail.size, 1, 0); php_stream_seek(ImageInfo->infile, ImageInfo->Thumbnail.offset, SEEK_SET); fgot = php_stream_read(ImageInfo->infile, ImageInfo->Thumbnail.data, ImageInfo->Thumbnail.size); if (fgot < ImageInfo->Thumbnail.size) { http://cvs.php.net/viewvc.cgi/php-src/ext/interbase/ibase_query.c?r1=1.26&r2=1.27&diff_format=u Index: php-src/ext/interbase/ibase_query.c diff -u php-src/ext/interbase/ibase_query.c:1.26 php-src/ext/interbase/ibase_query.c:1.27 --- php-src/ext/interbase/ibase_query.c:1.26 Thu Nov 30 16:21:36 2006 +++ php-src/ext/interbase/ibase_query.c Tue Dec 26 17:40:20 2006 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: ibase_query.c,v 1.26 2006/11/30 16:21:36 iliaa Exp $ */ +/* $Id: ibase_query.c,v 1.27 2006/12/26 17:40:20 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -1146,7 +1146,7 @@ break; } } else if (bind_n > 0) { - bind_args = (zval ***) emalloc(sizeof(zval **) * ZEND_NUM_ARGS()); + bind_args = (zval ***) safe_emalloc(sizeof(zval **), ZEND_NUM_ARGS(), 0); if (FAILURE == zend_get_parameters_array_ex(ZEND_NUM_ARGS(), bind_args)) { break; http://cvs.php.net/viewvc.cgi/php-src/ext/json/json.c?r1=1.20&r2=1.21&diff_format=u Index: php-src/ext/json/json.c diff -u php-src/ext/json/json.c:1.20 php-src/ext/json/json.c:1.21 --- php-src/ext/json/json.c:1.20 Tue Dec 19 15:01:57 2006 +++ php-src/ext/json/json.c Tue Dec 26 17:40:20 2006 
@@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: json.c,v 1.20 2006/12/19 15:01:57 nlopess Exp $ */ +/* $Id: json.c,v 1.21 2006/12/26 17:40:20 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -242,7 +242,7 @@ if (type == IS_UNICODE) { utf16 = (unsigned short *) s.u; } else { - utf16 = (unsigned short *) emalloc(len * sizeof(unsigned short)); + utf16 = (unsigned short *) safe_emalloc(len, sizeof(unsigned short), 0); len = utf8_to_utf16(utf16, s.s, len); if (len <= 0) @@ -443,7 +443,7 @@ utf16 = str.u; utf16_len = str_len; } else { - utf16 = (unsigned short *) emalloc((str_len+1) * sizeof(unsigned short)); + utf16 = (unsigned short *) safe_emalloc((str_len+1), sizeof(unsigned short), 0); utf16_len = utf8_to_utf16(utf16, str.s, str_len); if (utf16_len <= 0) http://cvs.php.net/viewvc.cgi/php-src/ext/pdo_dblib/dblib_driver.c?r1=1.12&r2=1.13&diff_format=u Index: php-src/ext/pdo_dblib/dblib_driver.c diff -u php-src/ext/pdo_dblib/dblib_driver.c:1.12 php-src/ext/pdo_dblib/dblib_driver.c:1.13 --- php-src/ext/pdo_dblib/dblib_driver.c:1.12 Sun Jan 1 13:09:52 2006 +++ php-src/ext/pdo_dblib/dblib_driver.c Tue Dec 26 17:40:20 2006 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: dblib_driver.c,v 1.12 2006/01/01 13:09:52 sniper Exp $ */ +/* $Id: dblib_driver.c,v 1.13 2006/12/26 17:40:20 iliaa Exp $ */ #ifdef HAVE_CONFIG_H # include "config.h" @@ -144,7 +144,7 @@ char *q; int l = 1; - *quoted = q = emalloc(2 * unquotedlen + 3); + *quoted = q = safe_emalloc(2, unquotedlen, 3); *q++ = '\''; while (unquotedlen--) { http://cvs.php.net/viewvc.cgi/php-src/ext/pdo_dblib/dblib_stmt.c?r1=1.8&r2=1.9&diff_format=u Index: php-src/ext/pdo_dblib/dblib_stmt.c diff -u php-src/ext/pdo_dblib/dblib_stmt.c:1.8 php-src/ext/pdo_dblib/dblib_stmt.c:1.9 --- php-src/ext/pdo_dblib/dblib_stmt.c:1.8 Sun Jan 1 13:09:52 2006 +++ php-src/ext/pdo_dblib/dblib_stmt.c Tue Dec 26 17:40:20 2006 
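Review bot: In the json.c hunk at -443, `(str_len+1)` is evaluated in the caller's own integer type before safe_emalloc sees it, so the addition sits outside the overflow check this change is meant to provide. Moving the extra element into the offset argument keeps the whole computation checked: `utf16 = (unsigned short *) safe_emalloc(str_len, sizeof(unsigned short), sizeof(unsigned short));`. The spl_directory.c hunk at -1363 has the same shape with `intern->u.file.max_line_len + 1` and could use `safe_emalloc(intern->u.file.max_line_len, 1, 1)`. The declarations of str_len and max_line_len are outside the hunks, so whether the addition can actually wrap depends on their types.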
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: dblib_stmt.c,v 1.8 2006/01/01 13:09:52 sniper Exp $ */ +/* $Id: dblib_stmt.c,v 1.9 2006/12/26 17:40:20 iliaa Exp $ */ #ifdef HAVE_CONFIG_H # include "config.h" @@ -131,7 +131,7 @@ arows = 100; size = S->ncols * sizeof(pdo_dblib_colval); - S->rows = emalloc(arows * size); + S->rows = safe_emalloc(arows, size, 0); /* let's fetch all the data */ do { http://cvs.php.net/viewvc.cgi/php-src/ext/pgsql/pgsql.c?r1=1.360&r2=1.361&diff_format=u Index: php-src/ext/pgsql/pgsql.c diff -u php-src/ext/pgsql/pgsql.c:1.360 php-src/ext/pgsql/pgsql.c:1.361 --- php-src/ext/pgsql/pgsql.c:1.360 Wed Nov 29 15:47:41 2006 +++ php-src/ext/pgsql/pgsql.c Tue Dec 26 17:40:20 2006 @@ -20,7 +20,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: pgsql.c,v 1.360 2006/11/29 15:47:41 iliaa Exp $ */ +/* $Id: pgsql.c,v 1.361 2006/12/26 17:40:20 iliaa Exp $ */ #include <stdlib.h> @@ -2098,7 +2098,7 @@ Bucket *p; fci.param_count = 0; - fci.params = emalloc(sizeof(zval*) * ht->nNumOfElements); + fci.params = safe_emalloc(sizeof(zval*), ht->nNumOfElements, 0); p = ht->pListHead; while (p != NULL) { fci.params[fci.param_count++] = (zval**)p->pData; http://cvs.php.net/viewvc.cgi/php-src/ext/soap/php_encoding.c?r1=1.149&r2=1.150&diff_format=u Index: php-src/ext/soap/php_encoding.c diff -u php-src/ext/soap/php_encoding.c:1.149 php-src/ext/soap/php_encoding.c:1.150 --- php-src/ext/soap/php_encoding.c:1.149 Tue Dec 19 11:55:16 2006 +++ php-src/ext/soap/php_encoding.c Tue Dec 26 17:40:20 2006 @@ -17,7 +17,7 @@ | Dmitry Stogov <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: php_encoding.c,v 1.149 2006/12/19 11:55:16 dmitry Exp $ */ +/* $Id: php_encoding.c,v 1.150 2006/12/26 17:40:20 iliaa Exp $ */ #include <time.h> 
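Review bot: In the dblib_stmt.c hunk at -131, `size = S->ncols * sizeof(pdo_dblib_colval)` is still computed without a check, so `safe_emalloc(arows, size, 0)` only guards the multiplication by `arows`, which is the constant 100 at this point. The column count presumably comes from the result set, which makes it the operand that needs the checked multiply. `S->rows = safe_emalloc(arows * sizeof(pdo_dblib_colval), S->ncols, 0);` would cover it here. The code that grows the buffer inside the fetch loop is outside the hunk and would need the same treatment if it reuses `size`.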
@@ -941,7 +941,7 @@ convert_to_double(&tmp); } - str = (char *) emalloc(MAX_LENGTH_OF_DOUBLE + EG(precision) + 1); + str = (char *) safe_emalloc(EG(precision), 1, MAX_LENGTH_OF_DOUBLE + 1); php_gcvt(Z_DVAL(tmp), EG(precision), '.', 'E', str); xmlNodeSetContentLen(ret, BAD_CAST(str), strlen(str)); efree(str); http://cvs.php.net/viewvc.cgi/php-src/ext/spl/spl_directory.c?r1=1.106&r2=1.107&diff_format=u Index: php-src/ext/spl/spl_directory.c diff -u php-src/ext/spl/spl_directory.c:1.106 php-src/ext/spl/spl_directory.c:1.107 --- php-src/ext/spl/spl_directory.c:1.106 Wed Dec 20 23:30:23 2006 +++ php-src/ext/spl/spl_directory.c Tue Dec 26 17:40:20 2006 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: spl_directory.c,v 1.106 2006/12/20 23:30:23 helly Exp $ */ +/* $Id: spl_directory.c,v 1.107 2006/12/26 17:40:20 iliaa Exp $ */ #ifdef HAVE_CONFIG_H # include "config.h" @@ -1363,7 +1363,7 @@ } if (intern->u.file.max_line_len > 0) { - buf = emalloc((intern->u.file.max_line_len + 1) * sizeof(char)); + buf = safe_emalloc((intern->u.file.max_line_len + 1), sizeof(char), 0); if (php_stream_get_line(intern->u.file.stream, ZSTR(buf), intern->u.file.max_line_len, &line_len) == NULL) { efree(buf); buf = NULL; http://cvs.php.net/viewvc.cgi/php-src/ext/standard/uuencode.c?r1=1.9&r2=1.10&diff_format=u Index: php-src/ext/standard/uuencode.c diff -u php-src/ext/standard/uuencode.c:1.9 php-src/ext/standard/uuencode.c:1.10 --- php-src/ext/standard/uuencode.c:1.9 Sun Oct 8 13:34:24 2006 +++ php-src/ext/standard/uuencode.c Tue Dec 26 17:40:20 2006 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: uuencode.c,v 1.9 2006/10/08 13:34:24 bjori Exp $ */ +/* $Id: uuencode.c,v 1.10 2006/12/26 17:40:20 iliaa Exp $ */ /* * Portions of this code are based on Berkeley's uuencode/uudecode 
@@ -71,7 +71,7 @@ char *p, *s, *e, *ee; /* encoded length is ~ 38% greater then the original */ - p = *dest = emalloc((ceil(src_len * 1.38) + 45 + 1)); + p = *dest = safe_emalloc(ceil(src_len * 1.38), 1, 46); s = src; e = src + src_len; @@ -128,7 +128,7 @@ int len, total_len=0; char *s, *e, *p, *ee; - p = *dest = emalloc(ceil(src_len * 0.75) + 1); + p = *dest = safe_emalloc(ceil(src_len * 0.75), 1, 1); s = src; e = src + src_len; http://cvs.php.net/viewvc.cgi/php-src/ext/standard/var.c?r1=1.257&r2=1.258&diff_format=u Index: php-src/ext/standard/var.c diff -u php-src/ext/standard/var.c:1.257 php-src/ext/standard/var.c:1.258 --- php-src/ext/standard/var.c:1.257 Fri Dec 22 00:47:27 2006 +++ php-src/ext/standard/var.c Tue Dec 26 17:40:20 2006 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: var.c,v 1.257 2006/12/22 00:47:27 helly Exp $ */ +/* $Id: var.c,v 1.258 2006/12/26 17:40:20 iliaa Exp $ */ @@ -944,7 +944,7 @@ char *s; smart_str_appendl(buf, "d:", 2); - s = (char *) emalloc(MAX_LENGTH_OF_DOUBLE + PG(serialize_precision) + 1); + s = (char *) safe_emalloc(PG(serialize_precision), 1, MAX_LENGTH_OF_DOUBLE + 1); php_gcvt(Z_DVAL_P(struc), PG(serialize_precision), '.', 'E', s); smart_str_appends(buf, s); smart_str_appendc(buf, ';'); http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.715&r2=1.716&diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.715 php-src/main/main.c:1.716 --- php-src/main/main.c:1.715 Thu Dec 21 09:12:59 2006 +++ php-src/main/main.c Tue Dec 26 17:40:20 2006 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: main.c,v 1.715 2006/12/21 09:12:59 dmitry Exp $ */ +/* $Id: main.c,v 1.716 2006/12/26 17:40:20 iliaa Exp $ */ /* {{{ includes */ 
@@ -100,8 +100,13 @@ */ static PHP_INI_MH(OnSetPrecision) { - EG(precision) = atoi(new_value); - return SUCCESS; + int i = atoi(new_value); + if (i >= 0) { + EG(precision) = i; + return SUCCESS; + } else { + return FAILURE; +} } /* }}} */ @@ -377,7 +382,7 @@ STD_PHP_INI_BOOLEAN("y2k_compliance", "1", PHP_INI_ALL, OnUpdateBool, y2k_compliance, php_core_globals, core_globals) STD_PHP_INI_ENTRY("unserialize_callback_func", NULL, PHP_INI_ALL, OnUpdateString, unserialize_callback_func, php_core_globals, core_globals) - STD_PHP_INI_ENTRY("serialize_precision", "100", PHP_INI_ALL, OnUpdateLong, serialize_precision, php_core_globals, core_globals) + STD_PHP_INI_ENTRY("serialize_precision", "100", PHP_INI_ALL, OnUpdateLongGEZero, serialize_precision, php_core_globals, core_globals) STD_PHP_INI_ENTRY("arg_separator.output", "&", PHP_INI_ALL, OnUpdateStringUnempty, arg_separator.output, php_core_globals, core_globals) STD_PHP_INI_ENTRY("arg_separator.input", "&", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty, arg_separator.input, php_core_globals, core_globals)
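Review bot: `atoi(new_value)` in OnSetPrecision reports no conversion errors: a non-numeric string yields 0 and is accepted, and an out-of-range value has undefined behaviour, so the new `i >= 0` test is only as reliable as the conversion in front of it. The closing brace of the `else` branch is also at column 0, out of line with the rest of the function. I would parse with strtol, reject empty and out-of-range input, and keep the non-negative rule, as sketched below. If treating a non-numeric string as 0 is intended, drop the `end == new_value` test. errno and INT_MAX need their usual headers, which are outside the hunk.

```c
static PHP_INI_MH(OnSetPrecision)
{
	char *end;
	long v;

	errno = 0;
	v = strtol(new_value, &end, 10);
	/* reject empty input, conversion overflow, negatives and values that do not fit EG(precision) */
	if (end == new_value || errno == ERANGE || v < 0 || v > INT_MAX) {
		return FAILURE;
	}

	EG(precision) = (int) v;
	return SUCCESS;
}
```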