Merge branch 'PHP-5.3' into PHP-5.4

* PHP-5.3: improve overflow checks fix potential overflow in _php_stream_scandir
author: Stanislav Malyshev <stas@php.net> 2012-06-08 01:22:46 -0700
committer: Stanislav Malyshev <stas@php.net> 2012-06-08 01:22:46 -0700
commit: 59eaa7c877e6bacb4783f929b924e2582c4a82f1 (patch)
tree: e584e89208fd3b70df1b1bd27240db691e89eecc /main/streams/streams.c
parent: 0e3a650e748b2bf79147d76a4739e17f3817c10c (diff)
parent: fc74503792b1ee92e4b813690890f3ed38fa3ad5 (diff)
download: php-git-59eaa7c877e6bacb4783f929b924e2582c4a82f1.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/main/streams/streams.c b/main/streams/streams.c
index bf1143c56d..e9c2e07320 100755
--- a/main/streams/streams.c
+++ b/main/streams/streams.c
@@ -2349,6 +2349,11 @@ PHPAPI int _php_stream_scandir(char *dirname, char **namelist[], int flags, php_
 			if (vector_size == 0) {
 				vector_size = 10;
 			} else {
+				if(vector_size*2 < vector_size) {
+					/* overflow */
+					efree(vector);
+					return FAILURE;
+				}
 				vector_size *= 2;
 			}
 			vector = (char **) safe_erealloc(vector, vector_size, sizeof(char *), 0);
author	Stanislav Malyshev <stas@php.net>	2012-06-08 01:22:46 -0700
committer	Stanislav Malyshev <stas@php.net>	2012-06-08 01:22:46 -0700
commit	59eaa7c877e6bacb4783f929b924e2582c4a82f1 (patch)
tree	e584e89208fd3b70df1b1bd27240db691e89eecc /main/streams/streams.c
parent	0e3a650e748b2bf79147d76a4739e17f3817c10c (diff)
parent	fc74503792b1ee92e4b813690890f3ed38fa3ad5 (diff)
download	php-git-59eaa7c877e6bacb4783f929b924e2582c4a82f1.tar.gz