| author | xXx-caillou-xXx | 2018-07-13 14:55:23 +0200 |
|---|---|---|
| committer | jvoisin | 2018-07-13 12:55:23 +0000 |
| commit | 7bd365ebc471409f85e6561f7da4f93d7017bfa4 (patch) | |
| tree | 3a5ef9438a025e53de751a6dd9162cc7ee5df960 /src/sp_utils.c | |
| parent | b1bf270b41f94ce2df668be611e5b646397a7a52 (diff) | |
Fix various possible integer overflows
Diffstat (limited to 'src/sp_utils.c')
| -rw-r--r-- | src/sp_utils.c | 5 |
1 files changed, 5 insertions, 0 deletions
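--- a/src/sp_utils.c
+++ b/src/sp_utils.c
@@ -143,6 +143,11 @@ int sp_log_request(const zend_string* folder, const zend_string* text_repr,
 
 static char* zend_string_to_char(const zend_string* zs) {
 // Remove \0 from the middle of a string
+
+if (ZSTR_LEN(zs) + 1 < ZSTR_LEN(zs)) {
+sp_log_err("overflow_error", "Overflow tentative detected in zend_string_to_char.");
+sp_terminate();
+}
 char* copy = emalloc(ZSTR_LEN(zs) + 1);
 
 copy[ZSTR_LEN(zs)] = 0;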
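Review bot: The new guard in zend_string_to_char protects the allocation only if `sp_terminate()` never returns, and its definition is not visible in this hunk. If it can return, control falls through to `emalloc(ZSTR_LEN(zs) + 1)` with the size wrapped to 0, and `copy[ZSTR_LEN(zs)] = 0` then writes far outside that allocation. I would make the guard self-contained by adding `return NULL;` after `sp_terminate();`, provided callers tolerate NULL, or at least add a comment such as `// sp_terminate() does not return`. Separately, the log text "Overflow tentative detected" presumably means "Overflow attempt detected". The function body continues past the end of the hunk, so the copy loop was not reviewed.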
