zend_hash_check_size: allow nSize <= HT_MAX_SIZE (#10244)

arnaud-lb · web-flow · commit 2b1907786c22 · 2023-01-13T17:42:43.000+01:00
This is consistent with other uses of HT_MAX_SIZE
diff --git a/Zend/zend_hash.c b/Zend/zend_hash.c
@@ -119,7 +119,7 @@ static zend_always_inline uint32_t zend_hash_check_size(uint32_t nSize)
 	/* size should be between HT_MIN_SIZE and HT_MAX_SIZE */
 	if (nSize <= HT_MIN_SIZE) {
 		return HT_MIN_SIZE;
-	} else if (UNEXPECTED(nSize >= HT_MAX_SIZE)) {
+	} else if (UNEXPECTED(nSize > HT_MAX_SIZE)) {
 		zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%u * %zu + %zu)", nSize, sizeof(Bucket), sizeof(Bucket));
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -119,7 +119,7 @@ static zend_always_inline uint32_t zend_hash_check_size(uint32_t nSize)`
`119`	`119`	`/* size should be between HT_MIN_SIZE and HT_MAX_SIZE */`
`120`	`120`	`if (nSize <= HT_MIN_SIZE) {`
`121`	`121`	`return HT_MIN_SIZE;`
`122`		`- } else if (UNEXPECTED(nSize >= HT_MAX_SIZE)) {`
	`122`	`+ } else if (UNEXPECTED(nSize > HT_MAX_SIZE)) {`
`123`	`123`	`zend_error_noreturn(E_ERROR, "Possible integer overflow in memory allocation (%u * %zu + %zu)", nSize, sizeof(Bucket), sizeof(Bucket));`
`124`	`124`	`}`
`125`	`125`