iliaa Tue Dec 26 17:40:20 2006 UTC
Modified files:
/ZendEngine2 zend_ini.c zend_ini.h
/php-src/ext/exif exif.c
/php-src/ext/interbase ibase_query.c
/php-src/ext/json json.c
/php-src/ext/pdo_dblib dblib_driver.c dblib_stmt.c
/php-src/ext/pgsql pgsql.c
/php-src/ext/soap php_encoding.c
/php-src/ext/spl spl_directory.c
/php-src/ext/standard uuencode.c var.c
/php-src/main main.c
Log:
MFB: safety checks
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?r1=1.50&r2=1.51&diff_format=u
Index: ZendEngine2/zend_ini.c
diff -u ZendEngine2/zend_ini.c:1.50 ZendEngine2/zend_ini.c:1.51
--- ZendEngine2/zend_ini.c:1.50 Fri Dec 22 21:38:12 2006
+++ ZendEngine2/zend_ini.c Tue Dec 26 17:40:20 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: zend_ini.c,v 1.50 2006/12/22 21:38:12 andrei Exp $ */
+/* $Id: zend_ini.c,v 1.51 2006/12/26 17:40:20 iliaa Exp $ */
#include "zend.h"
#include "zend_qsort.h"
@@ -530,6 +530,28 @@
*p = zend_atoi(new_value, new_value_length);
return SUCCESS;
}
+ZEND_API ZEND_INI_MH(OnUpdateLongGEZero)
+{
+ long *p, tmp;
+#ifndef ZTS
+ char *base = (char *) mh_arg2;
+#else
+ char *base;
+
+ base = (char *) ts_resource(*((int *) mh_arg2));
+#endif
+
+ tmp = zend_atoi(new_value, new_value_length);
+ if (tmp < 0) {
+ return FAILURE;
+ }
+
+ p = (long *) (base+(size_t) mh_arg1);
+ *p = tmp;
+
+ return SUCCESS;
+}
+
ZEND_API ZEND_INI_MH(OnUpdateReal)
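Review bot: OnUpdateLongGEZero enforces only the lower bound and carries no comment saying so, so a caller that sizes a buffer from the stored value still has to cap it itself. The stored value is whatever `zend_atoi()` returns; if that helper returns an `int` and applies size suffixes, as it appears to in this tree, a very large input could wrap before the `tmp < 0` test sees it, which is worth confirming. I would add above the handler `/* Rejects values below zero; no upper bound is enforced, so callers must cap the value before using it as a size. */`.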
http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.h?r1=1.38&r2=1.39&diff_format=u
Index: ZendEngine2/zend_ini.h
diff -u ZendEngine2/zend_ini.h:1.38 ZendEngine2/zend_ini.h:1.39
--- ZendEngine2/zend_ini.h:1.38 Fri Dec 22 21:38:12 2006
+++ ZendEngine2/zend_ini.h Tue Dec 26 17:40:20 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: zend_ini.h,v 1.38 2006/12/22 21:38:12 andrei Exp $ */
+/* $Id: zend_ini.h,v 1.39 2006/12/26 17:40:20 iliaa Exp $ */
#ifndef ZEND_INI_H
#define ZEND_INI_H
@@ -175,6 +175,7 @@
BEGIN_EXTERN_C()
ZEND_API ZEND_INI_MH(OnUpdateBool);
ZEND_API ZEND_INI_MH(OnUpdateLong);
+ZEND_API ZEND_INI_MH(OnUpdateLongGEZero);
ZEND_API ZEND_INI_MH(OnUpdateReal);
ZEND_API ZEND_INI_MH(OnUpdateString);
ZEND_API ZEND_INI_MH(OnUpdateStringUnempty);
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.186&r2=1.187&diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.186 php-src/ext/exif/exif.c:1.187
--- php-src/ext/exif/exif.c:1.186 Mon Dec 25 16:49:04 2006
+++ php-src/ext/exif/exif.c Tue Dec 26 17:40:20 2006
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: exif.c,v 1.186 2006/12/25 16:49:04 iliaa Exp $ */
+/* $Id: exif.c,v 1.187 2006/12/26 17:40:20 iliaa Exp $ */
/* ToDos
*
@@ -139,7 +139,7 @@
};
/* }}} */
-#define EXIF_VERSION "1.4 $Id: exif.c,v 1.186 2006/12/25 16:49:04 iliaa Exp $"
+#define EXIF_VERSION "1.4 $Id: exif.c,v 1.187 2006/12/26 17:40:20 iliaa Exp $"
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -3569,7 +3569,7 @@
exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "%s THUMBNAIL @0x%04X +
0x%04X", ImageInfo->Thumbnail.data ? "Ignore" : "Read",
ImageInfo->Thumbnail.offset, ImageInfo->Thumbnail.size);
#endif
if
(!ImageInfo->Thumbnail.data) {
-
ImageInfo->Thumbnail.data = emalloc(ImageInfo->Thumbnail.size);
+
ImageInfo->Thumbnail.data = safe_emalloc(ImageInfo->Thumbnail.size, 1, 0);
php_stream_seek(ImageInfo->infile, ImageInfo->Thumbnail.offset, SEEK_SET);
fgot =
php_stream_read(ImageInfo->infile, ImageInfo->Thumbnail.data,
ImageInfo->Thumbnail.size);
if
(fgot < ImageInfo->Thumbnail.size) {
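Review bot: `safe_emalloc(ImageInfo->Thumbnail.size, 1, 0)` can never fail its overflow check, because a count multiplied by 1 plus 0 cannot wrap, so this line still allocates whatever size the image declares; the hunk at -3602 has the same call. Thumbnail.offset and Thumbnail.size appear to come from the parsed file, so the useful guard is a comparison of offset plus size against the length of the input before allocating, since the short-read test on `fgot` only runs after the memory has been committed. This branch also tests only `!ImageInfo->Thumbnail.data`, whereas the -3602 hunk additionally requires a non-zero offset and size. The enclosing function starts and ends outside both hunks.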
@@ -3602,7 +3602,7 @@
exif_error_docref(NULL EXIFERR_CC,
ImageInfo, E_NOTICE, "%s THUMBNAIL @0x%04X + 0x%04X", ImageInfo->Thumbnail.data
? "Ignore" : "Read", ImageInfo->Thumbnail.offset, ImageInfo->Thumbnail.size);
#endif
if (!ImageInfo->Thumbnail.data &&
ImageInfo->Thumbnail.offset && ImageInfo->Thumbnail.size &&
ImageInfo->read_thumbnail) {
- ImageInfo->Thumbnail.data =
emalloc(ImageInfo->Thumbnail.size);
+ ImageInfo->Thumbnail.data =
safe_emalloc(ImageInfo->Thumbnail.size, 1, 0);
php_stream_seek(ImageInfo->infile, ImageInfo->Thumbnail.offset, SEEK_SET);
fgot =
php_stream_read(ImageInfo->infile, ImageInfo->Thumbnail.data,
ImageInfo->Thumbnail.size);
if (fgot <
ImageInfo->Thumbnail.size) {
http://cvs.php.net/viewvc.cgi/php-src/ext/interbase/ibase_query.c?r1=1.26&r2=1.27&diff_format=u
Index: php-src/ext/interbase/ibase_query.c
diff -u php-src/ext/interbase/ibase_query.c:1.26
php-src/ext/interbase/ibase_query.c:1.27
--- php-src/ext/interbase/ibase_query.c:1.26 Thu Nov 30 16:21:36 2006
+++ php-src/ext/interbase/ibase_query.c Tue Dec 26 17:40:20 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: ibase_query.c,v 1.26 2006/11/30 16:21:36 iliaa Exp $ */
+/* $Id: ibase_query.c,v 1.27 2006/12/26 17:40:20 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -1146,7 +1146,7 @@
break;
}
} else if (bind_n > 0) {
- bind_args = (zval ***) emalloc(sizeof(zval **) *
ZEND_NUM_ARGS());
+ bind_args = (zval ***) safe_emalloc(sizeof(zval **),
ZEND_NUM_ARGS(), 0);
if (FAILURE ==
zend_get_parameters_array_ex(ZEND_NUM_ARGS(), bind_args)) {
break;
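Review bot: The arguments are passed as (element size, count, 0) here and in the pgsql.c hunk at -2098, while the json.c and spl_directory.c hunks of the same commit pass (count, element size, 0). The product is identical, but `safe_emalloc()` is declared as (nmemb, size, offset), and using one order throughout makes the calls easier to audit: `safe_emalloc(ZEND_NUM_ARGS(), sizeof(zval **), 0)`. The enclosing function continues outside the hunk.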
http://cvs.php.net/viewvc.cgi/php-src/ext/json/json.c?r1=1.20&r2=1.21&diff_format=u
Index: php-src/ext/json/json.c
diff -u php-src/ext/json/json.c:1.20 php-src/ext/json/json.c:1.21
--- php-src/ext/json/json.c:1.20 Tue Dec 19 15:01:57 2006
+++ php-src/ext/json/json.c Tue Dec 26 17:40:20 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: json.c,v 1.20 2006/12/19 15:01:57 nlopess Exp $ */
+/* $Id: json.c,v 1.21 2006/12/26 17:40:20 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -242,7 +242,7 @@
if (type == IS_UNICODE) {
utf16 = (unsigned short *) s.u;
} else {
- utf16 = (unsigned short *) emalloc(len * sizeof(unsigned
short));
+ utf16 = (unsigned short *) safe_emalloc(len, sizeof(unsigned
short), 0);
len = utf8_to_utf16(utf16, s.s, len);
if (len <= 0)
@@ -443,7 +443,7 @@
utf16 = str.u;
utf16_len = str_len;
} else {
- utf16 = (unsigned short *) emalloc((str_len+1) *
sizeof(unsigned short));
+ utf16 = (unsigned short *) safe_emalloc((str_len+1),
sizeof(unsigned short), 0);
utf16_len = utf8_to_utf16(utf16, str.s, str_len);
if (utf16_len <= 0)
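Review bot: The `+1` in `safe_emalloc((str_len+1), sizeof(unsigned short), 0)` is computed before the call, so the overflow check never sees that addition; if `str_len` is a signed int at its maximum (its declaration is outside the hunk), the sum is already wrong when it arrives. Passing the extra element through the offset argument keeps the whole expression inside the check: `safe_emalloc(str_len, sizeof(unsigned short), sizeof(unsigned short))`. The spl_directory.c hunk at -1363 has the same shape with `max_line_len + 1` and could be written `safe_emalloc(intern->u.file.max_line_len, 1, 1)`.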
http://cvs.php.net/viewvc.cgi/php-src/ext/pdo_dblib/dblib_driver.c?r1=1.12&r2=1.13&diff_format=u
Index: php-src/ext/pdo_dblib/dblib_driver.c
diff -u php-src/ext/pdo_dblib/dblib_driver.c:1.12
php-src/ext/pdo_dblib/dblib_driver.c:1.13
--- php-src/ext/pdo_dblib/dblib_driver.c:1.12 Sun Jan 1 13:09:52 2006
+++ php-src/ext/pdo_dblib/dblib_driver.c Tue Dec 26 17:40:20 2006
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: dblib_driver.c,v 1.12 2006/01/01 13:09:52 sniper Exp $ */
+/* $Id: dblib_driver.c,v 1.13 2006/12/26 17:40:20 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
# include "config.h"
@@ -144,7 +144,7 @@
char *q;
int l = 1;
- *quoted = q = emalloc(2 * unquotedlen + 3);
+ *quoted = q = safe_emalloc(2, unquotedlen, 3);
*q++ = '\'';
while (unquotedlen--) {
http://cvs.php.net/viewvc.cgi/php-src/ext/pdo_dblib/dblib_stmt.c?r1=1.8&r2=1.9&diff_format=u
Index: php-src/ext/pdo_dblib/dblib_stmt.c
diff -u php-src/ext/pdo_dblib/dblib_stmt.c:1.8
php-src/ext/pdo_dblib/dblib_stmt.c:1.9
--- php-src/ext/pdo_dblib/dblib_stmt.c:1.8 Sun Jan 1 13:09:52 2006
+++ php-src/ext/pdo_dblib/dblib_stmt.c Tue Dec 26 17:40:20 2006
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: dblib_stmt.c,v 1.8 2006/01/01 13:09:52 sniper Exp $ */
+/* $Id: dblib_stmt.c,v 1.9 2006/12/26 17:40:20 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
# include "config.h"
@@ -131,7 +131,7 @@
arows = 100;
size = S->ncols * sizeof(pdo_dblib_colval);
- S->rows = emalloc(arows * size);
+ S->rows = safe_emalloc(arows, size, 0);
/* let's fetch all the data */
do {
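Review bot: The overflow check covers only `arows * size`, and `arows` is the constant 100 at this point; the product that depends on the result set, `size = S->ncols * sizeof(pdo_dblib_colval)` on the context line above, is still computed unchecked. If `size` is declared as an int (the declaration is outside the hunk), it can also truncate before it reaches the call. I would either validate `S->ncols` before computing `size` or state in a comment why the column count is bounded. Any later growth of `S->rows` inside the fetch loop is outside the hunk and would need the same treatment.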
http://cvs.php.net/viewvc.cgi/php-src/ext/pgsql/pgsql.c?r1=1.360&r2=1.361&diff_format=u
Index: php-src/ext/pgsql/pgsql.c
diff -u php-src/ext/pgsql/pgsql.c:1.360 php-src/ext/pgsql/pgsql.c:1.361
--- php-src/ext/pgsql/pgsql.c:1.360 Wed Nov 29 15:47:41 2006
+++ php-src/ext/pgsql/pgsql.c Tue Dec 26 17:40:20 2006
@@ -20,7 +20,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: pgsql.c,v 1.360 2006/11/29 15:47:41 iliaa Exp $ */
+/* $Id: pgsql.c,v 1.361 2006/12/26 17:40:20 iliaa Exp $ */
#include <stdlib.h>
@@ -2098,7 +2098,7 @@
Bucket *p;
fci.param_count = 0;
- fci.params = emalloc(sizeof(zval*) *
ht->nNumOfElements);
+ fci.params =
safe_emalloc(sizeof(zval*), ht->nNumOfElements, 0);
p = ht->pListHead;
while (p != NULL) {
fci.params[fci.param_count++] =
(zval**)p->pData;
http://cvs.php.net/viewvc.cgi/php-src/ext/soap/php_encoding.c?r1=1.149&r2=1.150&diff_format=u
Index: php-src/ext/soap/php_encoding.c
diff -u php-src/ext/soap/php_encoding.c:1.149
php-src/ext/soap/php_encoding.c:1.150
--- php-src/ext/soap/php_encoding.c:1.149 Tue Dec 19 11:55:16 2006
+++ php-src/ext/soap/php_encoding.c Tue Dec 26 17:40:20 2006
@@ -17,7 +17,7 @@
| Dmitry Stogov <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: php_encoding.c,v 1.149 2006/12/19 11:55:16 dmitry Exp $ */
+/* $Id: php_encoding.c,v 1.150 2006/12/26 17:40:20 iliaa Exp $ */
#include <time.h>
@@ -941,7 +941,7 @@
convert_to_double(&tmp);
}
- str = (char *) emalloc(MAX_LENGTH_OF_DOUBLE + EG(precision) + 1);
+ str = (char *) safe_emalloc(EG(precision), 1, MAX_LENGTH_OF_DOUBLE + 1);
php_gcvt(Z_DVAL(tmp), EG(precision), '.', 'E', str);
xmlNodeSetContentLen(ret, BAD_CAST(str), strlen(str));
efree(str);
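Review bot: The buffer here is sized from `EG(precision)`, which this commit constrains only to be non-negative (OnSetPrecision in main/main.c), so each encoded double allocates as much as the configured precision asks for. The var.c hunk at -944 does the same with `PG(serialize_precision)`, which is registered as `PHP_INI_ALL` and so can be changed at runtime. An upper cap in the INI handlers, or a clamp at the call site such as `int prec = MIN(EG(precision), PRECISION_CAP_PLACEHOLDER);` with the limit chosen by the maintainers, would bound both the allocation and the work done in `php_gcvt()`.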
http://cvs.php.net/viewvc.cgi/php-src/ext/spl/spl_directory.c?r1=1.106&r2=1.107&diff_format=u
Index: php-src/ext/spl/spl_directory.c
diff -u php-src/ext/spl/spl_directory.c:1.106
php-src/ext/spl/spl_directory.c:1.107
--- php-src/ext/spl/spl_directory.c:1.106 Wed Dec 20 23:30:23 2006
+++ php-src/ext/spl/spl_directory.c Tue Dec 26 17:40:20 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: spl_directory.c,v 1.106 2006/12/20 23:30:23 helly Exp $ */
+/* $Id: spl_directory.c,v 1.107 2006/12/26 17:40:20 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
# include "config.h"
@@ -1363,7 +1363,7 @@
}
if (intern->u.file.max_line_len > 0) {
- buf = emalloc((intern->u.file.max_line_len + 1) * sizeof(char));
+ buf = safe_emalloc((intern->u.file.max_line_len + 1),
sizeof(char), 0);
if (php_stream_get_line(intern->u.file.stream, ZSTR(buf),
intern->u.file.max_line_len, &line_len) == NULL) {
efree(buf);
buf = NULL;
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/uuencode.c?r1=1.9&r2=1.10&diff_format=u
Index: php-src/ext/standard/uuencode.c
diff -u php-src/ext/standard/uuencode.c:1.9 php-src/ext/standard/uuencode.c:1.10
--- php-src/ext/standard/uuencode.c:1.9 Sun Oct 8 13:34:24 2006
+++ php-src/ext/standard/uuencode.c Tue Dec 26 17:40:20 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: uuencode.c,v 1.9 2006/10/08 13:34:24 bjori Exp $ */
+/* $Id: uuencode.c,v 1.10 2006/12/26 17:40:20 iliaa Exp $ */
/*
* Portions of this code are based on Berkeley's uuencode/uudecode
@@ -71,7 +71,7 @@
char *p, *s, *e, *ee;
/* encoded length is ~ 38% greater then the original */
- p = *dest = emalloc((ceil(src_len * 1.38) + 45 + 1));
+ p = *dest = safe_emalloc(ceil(src_len * 1.38), 1, 46);
s = src;
e = src + src_len;
@@ -128,7 +128,7 @@
int len, total_len=0;
char *s, *e, *p, *ee;
- p = *dest = emalloc(ceil(src_len * 0.75) + 1);
+ p = *dest = safe_emalloc(ceil(src_len * 0.75), 1, 1);
s = src;
e = src + src_len;
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/var.c?r1=1.257&r2=1.258&diff_format=u
Index: php-src/ext/standard/var.c
diff -u php-src/ext/standard/var.c:1.257 php-src/ext/standard/var.c:1.258
--- php-src/ext/standard/var.c:1.257 Fri Dec 22 00:47:27 2006
+++ php-src/ext/standard/var.c Tue Dec 26 17:40:20 2006
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: var.c,v 1.257 2006/12/22 00:47:27 helly Exp $ */
+/* $Id: var.c,v 1.258 2006/12/26 17:40:20 iliaa Exp $ */
@@ -944,7 +944,7 @@
char *s;
smart_str_appendl(buf, "d:", 2);
- s = (char *) emalloc(MAX_LENGTH_OF_DOUBLE +
PG(serialize_precision) + 1);
+ s = (char *)
safe_emalloc(PG(serialize_precision), 1, MAX_LENGTH_OF_DOUBLE + 1);
php_gcvt(Z_DVAL_P(struc),
PG(serialize_precision), '.', 'E', s);
smart_str_appends(buf, s);
smart_str_appendc(buf, ';');
http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.715&r2=1.716&diff_format=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.715 php-src/main/main.c:1.716
--- php-src/main/main.c:1.715 Thu Dec 21 09:12:59 2006
+++ php-src/main/main.c Tue Dec 26 17:40:20 2006
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: main.c,v 1.715 2006/12/21 09:12:59 dmitry Exp $ */
+/* $Id: main.c,v 1.716 2006/12/26 17:40:20 iliaa Exp $ */
/* {{{ includes
*/
@@ -100,8 +100,13 @@
*/
static PHP_INI_MH(OnSetPrecision)
{
- EG(precision) = atoi(new_value);
- return SUCCESS;
+ int i = atoi(new_value);
+ if (i >= 0) {
+ EG(precision) = i;
+ return SUCCESS;
+ } else {
+ return FAILURE;
+}
}
/* }}} */
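Review bot: `atoi(new_value)` gives no way to tell a malformed or out-of-range string from a valid number: non-numeric input becomes 0 and is accepted, and a value that does not fit in an int has undefined behaviour in `atoi`, so the `i >= 0` test cannot be relied on for it. Parsing with `strtol` and checking the end pointer, `errno` and the int range closes that gap; note that this also rejects non-numeric strings, which the current code accepts as 0. The closing brace of the added `else` block sits at column 0 and should be indented to match. The sketch below assumes `<errno.h>` and `<limits.h>` are already available in main.c.

```c
static PHP_INI_MH(OnSetPrecision)
{
	char *end;
	long v;

	errno = 0;
	v = strtol(new_value, &end, 10);
	/* reject empty/non-numeric input, overflow, negatives and values that do not fit an int */
	if (end == new_value || errno == ERANGE || v < 0 || v > INT_MAX) {
		return FAILURE;
	}
	EG(precision) = (int) v;
	return SUCCESS;
}
```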
@@ -377,7 +382,7 @@
STD_PHP_INI_BOOLEAN("y2k_compliance", "1",
PHP_INI_ALL, OnUpdateBool, y2k_compliance,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY("unserialize_callback_func", NULL, PHP_INI_ALL,
OnUpdateString, unserialize_callback_func,
php_core_globals, core_globals)
- STD_PHP_INI_ENTRY("serialize_precision", "100", PHP_INI_ALL,
OnUpdateLong, serialize_precision,
php_core_globals, core_globals)
+ STD_PHP_INI_ENTRY("serialize_precision", "100", PHP_INI_ALL,
OnUpdateLongGEZero, serialize_precision,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY("arg_separator.output", "&",
PHP_INI_ALL, OnUpdateStringUnempty, arg_separator.output,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY("arg_separator.input", "&",
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty, arg_separator.input,
php_core_globals, core_globals)