summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStanislav Malyshev <stas@php.net>2012-06-08 08:22:46 (GMT)
committerStanislav Malyshev <stas@php.net>2012-06-08 08:22:46 (GMT)
commit59eaa7c877e6bacb4783f929b924e2582c4a82f1 (patch)
treee584e89208fd3b70df1b1bd27240db691e89eecc
parent0e3a650e748b2bf79147d76a4739e17f3817c10c (diff)
parentfc74503792b1ee92e4b813690890f3ed38fa3ad5 (diff)
downloadphp-59eaa7c877e6bacb4783f929b924e2582c4a82f1.tar.gz
Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3: improve overflow checks fix potential overflow in _php_stream_scandir
-rwxr-xr-xmain/streams/streams.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/main/streams/streams.c b/main/streams/streams.c
index bf1143c..e9c2e07 100755
--- a/main/streams/streams.c
+++ b/main/streams/streams.c
@@ -2349,6 +2349,11 @@ PHPAPI int _php_stream_scandir(char *dirname, char **namelist[], int flags, php_
if (vector_size == 0) {
vector_size = 10;
} else {
+ if(vector_size*2 < vector_size) {
+ /* overflow */
+ efree(vector);
+ return FAILURE;
+ }
vector_size *= 2;
}
vector = (char **) safe_erealloc(vector, vector_size, sizeof(char *), 0);