Hi!
pecalloc() uses the wrong length to zero out the memory. Patch is attached, although I'm somewhat concerned about using just (nmemb*len) instead of something like safe_address(nmemb*len), but safe_address() is inlined in zend_alloc.c not in the header file.
You just did safe_address in _safe_malloc(nmemb, len, 0) which should have called E_ERROR if nmemb*len overflows, so do you need to do it again?
Leaving a comment about it wouldn't hurt though :) -- Stanislav Malyshev, Zend Software Architect s...@zend.com http://www.zend.com/ (408)253-8829 MSN: s...@zend.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
