Merge branch 'PHP-5.4'

* PHP-5.4: improve overflow checks add NEWS fix potential overflow in _php_stream_scandir
author: Stanislav Malyshev <stas@php.net> 2012-06-08 01:23:07 -0700
committer: Stanislav Malyshev <stas@php.net> 2012-06-08 01:23:07 -0700
commit: c83457ed13deabd296dcfb17f3e104572878763e (patch)
tree: 7c5fefd92d8d0cc94b3fd560ffddedd740028e14 /main/streams/streams.c
parent: 426ccd3e7f9aabc5d4e3b97a51d2c19ba44871d5 (diff)
parent: 59eaa7c877e6bacb4783f929b924e2582c4a82f1 (diff)
download: php-git-c83457ed13deabd296dcfb17f3e104572878763e.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/main/streams/streams.c b/main/streams/streams.c
index 19457241fc..81bf59446f 100755
--- a/main/streams/streams.c
+++ b/main/streams/streams.c
@@ -2280,6 +2280,11 @@ PHPAPI int _php_stream_scandir(char *dirname, char **namelist[], int flags, php_
 			if (vector_size == 0) {
 				vector_size = 10;
 			} else {
+				if(vector_size*2 < vector_size) {
+					/* overflow */
+					efree(vector);
+					return FAILURE;
+				}
 				vector_size *= 2;
 			}
 			vector = (char **) safe_erealloc(vector, vector_size, sizeof(char *), 0);
author	Stanislav Malyshev <stas@php.net>	2012-06-08 01:23:07 -0700
committer	Stanislav Malyshev <stas@php.net>	2012-06-08 01:23:07 -0700
commit	c83457ed13deabd296dcfb17f3e104572878763e (patch)
tree	7c5fefd92d8d0cc94b3fd560ffddedd740028e14 /main/streams/streams.c
parent	426ccd3e7f9aabc5d4e3b97a51d2c19ba44871d5 (diff)
parent	59eaa7c877e6bacb4783f929b924e2582c4a82f1 (diff)
download	php-git-c83457ed13deabd296dcfb17f3e104572878763e.tar.gz