Check for spprintf failure in key generation

Add a check for negative length returned by spprintf to ensure key generation doesn't proceed with invalid data. This prevents potential issues or crashes that could occur if the function fails and returns an error.
ray-di · Dec 9, 2024 · dea7e8e · dea7e8e
1 parent 3344101
commit dea7e8e
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/rayaop.c b/rayaop.c
@@ -106,6 +106,9 @@ PHP_RAYAOP_API char *php_rayaop_generate_key(zend_string *class_name, zend_strin
     }
     char *key;
     int len = spprintf(&key, 0, "%s::%s", ZSTR_VAL(class_name), ZSTR_VAL(method_name));
+    if (len < 0) {
+        return NULL;
+    }
     if (key_len) {
         *key_len = (size_t)len;
     }