Prevent potential buffer overflow for large value of php_cli_server_workers_max

yiyuaner · yiyuaner · commit c6b9a0229313 · 2022-07-13T21:02:48.000+08:00
diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
@@ -2421,6 +2421,11 @@ static void php_cli_server_startup_workers(void) {
 	if (php_cli_server_workers_max > 1) {
 		zend_long php_cli_server_worker;
 
+        if ((size_t) php_cli_server_workers_max * sizeof(pid_t) < (size_t) php_cli_server_workers_max) {
+			php_cli_server_workers_max = 1;
+			return;
+        }
+
 		php_cli_server_workers = calloc(
 			php_cli_server_workers_max, sizeof(pid_t));
 		if (!php_cli_server_workers) {
