few realloc calls changes and overflow checks related. #2162
Conversation
|
|
||
| blacklist->size += ZEND_BLACKLIST_BLOCK_SIZE; | ||
| blacklist->entries = (zend_blacklist_entry *) realloc(blacklist->entries, sizeof(zend_blacklist_entry)*blacklist->size); | ||
| zend_blacklist_entry * entries = (zend_blacklist_entry *) realloc(blacklist->entries, sizeof(zend_blacklist_entry) * blacklist->size); |
There was a problem hiding this comment.
This won't work on C89, as decls must be first in a block, sadly, Windows is one such case
ext/xmlrpc/libxmlrpc/base64.c
Outdated
| } | ||
| b->length += 512; | ||
| b->data = realloc(b->data, b->length); | ||
| char *data = realloc(b->data, b->length); |
There was a problem hiding this comment.
Same as above comment, decls first in block
ext/xmlrpc/libxmlrpc/simplestring.c
Outdated
| return; | ||
| } | ||
| target->str = (char*)realloc(target->str, newsize); | ||
| char *str = (char*)realloc(target->str, newsize); |
There was a problem hiding this comment.
Same as above comment, decls first in block
main/network.c
Outdated
| } | ||
| *hstbuflen *= 2; | ||
| *tmphstbuf = (char *)realloc (*tmphstbuf,*hstbuflen); | ||
| char *ptmphstbuf = (char *)realloc(*tmphstbuf, *hstbuflen); |
There was a problem hiding this comment.
Same as above comment, decls first in block
main/network.c
Outdated
| } | ||
| *hstbuflen *= 2; | ||
| *tmphstbuf = (char *)realloc (*tmphstbuf,*hstbuflen); | ||
| char *ptmphstbuf = (char *)realloc(*tmphstbuf, *hstbuflen); |
There was a problem hiding this comment.
Same as above comment, decls first in block
main/network.c
Outdated
| if (*hstbuflen < sizeof(struct hostent_data)) { | ||
| *hstbuflen = sizeof(struct hostent_data); | ||
| *tmphstbuf = (char *)realloc(*tmphstbuf, *hstbuflen); | ||
| char *ptmphstbuf = (char *)realloc(*tmphstbuf, *hstbuflen); |
There was a problem hiding this comment.
Same as above comment, decls first in block
main/network.c
Outdated
| && (errno == ERANGE)) { | ||
| char *ptmphstbuf; | ||
| /* Enlarge the buffer. */ | ||
| if (*hstbuflen * 2 >= SIZE_MAX) { |
There was a problem hiding this comment.
This condition is always false. Should probably be *hstbuflen > SIZE_MAX / 2? (Same below)
|
Can I get an update on status here please ? Should be rebased on 7.0, master is using zend MM in libxmlrpc. |
| p = pp; | ||
| return p; | ||
| } | ||
| free(p); |
There was a problem hiding this comment.
These changes aren't necessary -- zend_out_of_memory will exit anyway. We can't avoid "leaks" in that situation in any case (where leak = reachable memory).
|
I'm not a huge fan of checking alloc return values -- it makes the code pretty ugly to handle cases that are not really of practical relevance. I wonder if it wouldn't be better to replace something like char *data = realloc(b->data, b->length);
if (!data) {
buffer_delete(b);
return;
}
b->data = data;with
|
| if (!pini_entries) { | ||
| goto out; | ||
| } | ||
| ini_entries = pini_entries; |
There was a problem hiding this comment.
Using the suggestion from #2162 (comment), this whole change (including the overflow check) could be written as:
ini_entries = safe_perealloc(ini_entries, ini_entries_len, 1, sizeof(HARDCODED_INI), 1);
perealloc handles the failure case, safe handles the overflow.
| val++; | ||
| if (!isalnum(*val) && *val != '"' && *val != '\'' && *val != '\0') { | ||
| ini_entries = realloc(ini_entries, ini_entries_len + len + sizeof("\"\"\n\0")); | ||
| if ((ini_entries_len + len + sizeof("\"\"\n\0")) >= SIZE_MAX) { |
There was a problem hiding this comment.
Generally all checks of the form >= SIZE_MAX are ineffective, because the overflow will already happen before the comparison.
|
I think this was superseded by work done by Nikita, so closing this PR. |
5 participants
No description provided.