1 --- PHP_5_3/main/snprintf.c 2011/02/21 06:22:00 308524
2 +++ PHP_5_3/main/snprintf.c 2011/02/21 06:53:24 308525
6 * Check if a precision was specified
8 - * XXX: an unreasonable amount of precision may be specified
9 - * resulting in overflow of num_buf. Currently we
10 - * ignore this possibility.
13 adjust_precision = YES;
19 + if (precision > FORMAT_CONV_MAX_PRECISION) {
20 + precision = FORMAT_CONV_MAX_PRECISION;
23 adjust_precision = NO;
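Review bot: The clamp `if (precision > FORMAT_CONV_MAX_PRECISION)` sits in the precision-parsing branch, between `adjust_precision = YES` and the `adjust_precision = NO` fallback, so it appears to run before the conversion character is known and would cap precision for every conversion, not only the float modes the constant is documented for. If this parser also serves string conversions, a precision above 500 would silently truncate their output; consider applying the cap only in the float cases that fill the fixed buffer, or skipping it for string conversions. The identical block is added in spprintf.c, so the same point applies there. The enclosing function and the lines between the visible ones are outside the hunk, so confirm where the conversion character is read. A comment at the clamp such as `/* cap precision so the php_gcvt() result fits num_buf */` would record why the removed XXX note no longer applies.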
25 --- PHP_5_3/main/snprintf.h 2011/02/21 06:22:00 308524
26 +++ PHP_5_3/main/snprintf.h 2011/02/21 06:53:24 308525
28 | obtain it through the world-wide-web, please send a note to |
29 | license@php.net so we can mail you a copy immediately. |
30 +----------------------------------------------------------------------+
31 - | Author: Stig Sæther Bakken <ssb@php.net> |
32 + | Author: Stig Sæther Bakken <ssb@php.net> |
33 | Marcus Boerger <helly@php.net> |
34 +----------------------------------------------------------------------+
38 extern char * ap_php_conv_p2(register u_wide_int num, register int nbits,
39 char format, char *buf_end, register int *len);
41 +/* The maximum precision that's allowed for float conversion. Does not include
42 + * decimal separator, exponent, sign, terminator. Currently does not affect
43 + * the modes e/f, only g/k/H, as those have a different limit enforced at
44 + * another level (see NDIG in php_conv_fp()).
45 + * Applies to the formatting functions of both spprintf.c and snprintf.c, which
46 + * use equally sized buffers of MAX_BUF_SIZE = 512 to hold the result of the
47 + * call to php_gcvt().
48 + * This should be reasonably smaller than MAX_BUF_SIZE (I think MAX_BUF_SIZE - 9
49 + * should be enough, but let's give some more space) */
50 +#define FORMAT_CONV_MAX_PRECISION 500
52 #endif /* SNPRINTF_H */
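Review bot: `FORMAT_CONV_MAX_PRECISION` stays below the 512-byte result buffer only through the arithmetic in its comment ("MAX_BUF_SIZE - 9 should be enough"), so a later change to either value could silently reopen the overflow this constant closes. A compile-time guard placed where the buffer size is defined would enforce the relation, for example `#if FORMAT_CONV_MAX_PRECISION > MAX_BUF_SIZE - 9` followed by `#error` and `#endif` (the macro name is taken from the comment; the name used in the .c files may differ). The comment also states that modes e/f are bounded elsewhere (NDIG in php_conv_fp()); that code is not part of this diff, so it is worth confirming that bound holds for the same buffers.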
54 --- PHP_5_3/main/spprintf.c 2011/02/21 06:22:00 308524
55 +++ PHP_5_3/main/spprintf.c 2011/02/21 06:53:24 308525
59 * Check if a precision was specified
61 - * XXX: an unreasonable amount of precision may be specified
62 - * resulting in overflow of num_buf. Currently we
63 - * ignore this possibility.
66 adjust_precision = YES;
72 + if (precision > FORMAT_CONV_MAX_PRECISION) {
73 + precision = FORMAT_CONV_MAX_PRECISION;
76 adjust_precision = NO;