Skip to content

Commit 2a4ec93

Browse files
devnexendevnexen
committed
ext/bz2: bzcompress/bzdecompress check inputs lengths beforehand.
also removing useless casts for filter ZendMM parts.
1 parent 49d798a commit 2a4ec93

File tree

2 files changed

+14
-2
lines changed

2 files changed

+14
-2
lines changed

ext/bz2/bz2.c

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -450,6 +450,13 @@ PHP_FUNCTION(bzcompress)
450450
RETURN_THROWS();
451451
}
452452

453+
const unsigned int source_len_max = (unsigned int)((UINT_MAX - 600) / 1.01);
454+
455+
if (source_len > source_len_max) {
456+
zend_argument_value_error(1, "length must be lower or equal to %u", source_len_max);
457+
RETURN_THROWS();
458+
}
459+
453460
if (zblock_size < 1 || zblock_size > 9) {
454461
zend_argument_value_error(2, "must be between 1 and 9");
455462
RETURN_THROWS();
@@ -505,6 +512,11 @@ PHP_FUNCTION(bzdecompress)
505512
RETURN_THROWS();
506513
}
507514

515+
if (source_len > UINT_MAX) {
516+
zend_argument_value_error(1, "length must be lower or equal to %u", UINT_MAX);
517+
RETURN_THROWS();
518+
}
519+
508520
bzs.bzalloc = NULL;
509521
bzs.bzfree = NULL;
510522

ext/bz2/bz2_filter.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -50,12 +50,12 @@ typedef struct _php_bz2_filter_data {
5050

5151
static void *php_bz2_alloc(void *opaque, int items, int size)
5252
{
53-
return (void *)safe_pemalloc(items, size, 0, ((php_bz2_filter_data*)opaque)->persistent);
53+
return safe_pemalloc(items, size, 0, ((php_bz2_filter_data*)opaque)->persistent);
5454
}
5555

5656
static void php_bz2_free(void *opaque, void *address)
5757
{
58-
pefree((void *)address, ((php_bz2_filter_data*)opaque)->persistent);
58+
pefree(address, ((php_bz2_filter_data*)opaque)->persistent);
5959
}
6060
/* }}} */
6161

0 commit comments

Comments
 (0)