standard string.c

Moriyoshi Koizumi Sat, 12 Jul 2003 02:32:14 -0700

moriyoshi               Sat Jul 12 05:33:31 2003 EDT

  Modified files:              
    /php-src/ext/standard       string.c 
  Log:
  Fixed bug #24556
  
  
Index: php-src/ext/standard/string.c
diff -u php-src/ext/standard/string.c:1.392 php-src/ext/standard/string.c:1.393
--- php-src/ext/standard/string.c:1.392 Mon Jun 23 10:09:14 2003
+++ php-src/ext/standard/string.c       Sat Jul 12 05:33:31 2003
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: string.c,v 1.392 2003/06/23 14:09:14 stas Exp $ */
+/* $Id: string.c,v 1.393 2003/07/12 09:33:31 moriyoshi Exp $ */
 
 /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */
 
@@ -3800,6 +3800,7 @@
                                        lc = '<';
                                        state = 1;
                                        if (allow) {
+                                               tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? 
tbuf: tp);
                                                *(tp++) = '<';
                                        }
                                } else if (state == 1) {
@@ -3814,6 +3815,7 @@
                                                br++;
                                        }
                                } else if (allow && state == 1) {
+                                       tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: 
tp);
                                        *(tp++) = c;
                                } else if (state == 0) {
                                        *(rp++) = c;
@@ -3827,6 +3829,7 @@
                                                br--;
                                        }
                                } else if (allow && state == 1) {
+                                       tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: 
tp);
                                        *(tp++) = c;
                                } else if (state == 0) {
                                        *(rp++) = c;
@@ -3844,6 +3847,7 @@
                                                lc = '>';
                                                state = 0;
                                                if (allow) {
+                                                       tp = ((tp-tbuf) >= 
PHP_TAG_BUF_SIZE ? tbuf: tp);
                                                        *(tp++) = '>';
                                                        *tp='\0';
                                                        if (php_tag_find(tbuf, 
tp-tbuf, allow)) {
@@ -3890,6 +3894,7 @@
                                } else if (state == 0) {
                                        *(rp++) = c;
                                } else if (allow && state == 1) {
+                                       tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: 
tp);
                                        *(tp++) = c;
                                }
                                break;
@@ -3903,11 +3908,8 @@
                                        if (state == 0) {
                                                *(rp++) = c;
                                        } else if (allow && state == 1) {
+                                               tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? 
tbuf: tp);
                                                *(tp++) = c;
-                                               if ( (tp-tbuf) >= PHP_TAG_BUF_SIZE ) {
-                                                       /* prevent buffer overflows */
-                                                       tp = tbuf;
-                                               }
                                        }
                                }
                                break;
@@ -3922,7 +3924,7 @@
 
                        case '?':
 
-                               if (state == 1 && *(p-1)=='<') { 
+                               if (state == 1 && *(p-1) == '<') { 
                                        br=0;
                                        state=2;
                                        break;
@@ -3960,10 +3962,8 @@
                                if (state == 0) {
                                        *(rp++) = c;
                                } else if (allow && state == 1) {
+                                       tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: 
tp);
                                        *(tp++) = c;
-                                       if ( (tp-tbuf) >= PHP_TAG_BUF_SIZE ) { /* no 
buffer overflows */
-                                               tp = tbuf;
-                                       }
                                } 
                                break;
                }




-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src /ext/standard string.c

Reply via email to