4
|
1 |
Index: php-5.2.11/Zend/zend_alloc.c
|
|
2 |
===================================================================
|
|
3 |
--- php-5.2.11/Zend/zend_alloc.c (revision 291097)
|
|
4 |
+++ php-5.2.11/Zend/zend_alloc.c (working copy)
|
|
5 |
@@ -87,6 +87,20 @@
|
|
6 |
# define UNEXPECTED(condition) (condition)
|
|
7 |
#endif
|
|
8 |
|
|
9 |
+#define HAVE_ZEND_LONG64
|
|
10 |
+#ifdef ZEND_WIN32
|
|
11 |
+typedef __int64 zend_long64;
|
|
12 |
+typedef unsigned __int64 zend_ulong64;
|
|
13 |
+#elif SIZEOF_LONG_LONG_INT == 8
|
|
14 |
+typedef long long int zend_long64;
|
|
15 |
+typedef unsigned long long int zend_ulong64;
|
|
16 |
+#elif SIZEOF_LONG_LONG == 8
|
|
17 |
+typedef long long zend_long64;
|
|
18 |
+typedef unsigned long long zend_ulong64;
|
|
19 |
+#else
|
|
20 |
+# undef HAVE_ZEND_LONG64
|
|
21 |
+#endif
|
|
22 |
+
|
|
23 |
static void zend_mm_panic(const char *message)
|
|
24 |
{
|
|
25 |
fprintf(stderr, "%s\n", message);
|
|
26 |
@@ -2369,6 +2383,19 @@
|
|
27 |
return res;
|
|
28 |
}
|
|
29 |
|
|
30 |
+#elif SIZEOF_SIZE_T == 4 && defined(HAVE_ZEND_LONG64)
|
|
31 |
+
|
|
32 |
+static inline size_t safe_address(size_t nmemb, size_t size, size_t offset)
|
|
33 |
+{
|
|
34 |
+ zend_ulong64 res = (zend_ulong64)nmemb * (zend_ulong64)size + (zend_ulong64)offset;
|
|
35 |
+
|
|
36 |
+ if (UNEXPECTED(res > (zend_ulong64)0xFFFFFFFFL)) {
|
|
37 |
+ zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%zu * %zu + %zu)", nmemb, size, offset);
|
|
38 |
+ return 0;
|
|
39 |
+ }
|
|
40 |
+ return (size_t) res;
|
|
41 |
+}
|
|
42 |
+
|
|
43 |
#else
|
|
44 |
|
|
45 |
static inline size_t safe_address(size_t nmemb, size_t size, size_t offset)
|