standard string.c

Moriyoshi Koizumi Sat, 12 Jul 2003 02:32:44 -0700

moriyoshi               Sat Jul 12 05:33:58 2003 EDT

  Modified files:              (Branch: PHP_4_3)
    /php-src/ext/standard       string.c 
  Log:
  MFH(r-1.393): fixed bug #24556
  
  
Index: php-src/ext/standard/string.c
diff -u php-src/ext/standard/string.c:1.333.2.32 
php-src/ext/standard/string.c:1.333.2.33
--- php-src/ext/standard/string.c:1.333.2.32    Sun Jun 29 11:36:10 2003
+++ php-src/ext/standard/string.c       Sat Jul 12 05:33:58 2003
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: string.c,v 1.333.2.32 2003/06/29 15:36:10 iliaa Exp $ */
+/* $Id: string.c,v 1.333.2.33 2003/07/12 09:33:58 moriyoshi Exp $ */
 
 /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */
 
@@ -3352,6 +3352,7 @@
                                        lc = '<';
                                        state = 1;
                                        if (allow) {
+                                               tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? 
tbuf: tp);
                                                *(tp++) = '<';
                                        }
                                } else if (state == 1) {
@@ -3366,6 +3367,7 @@
                                                br++;
                                        }
                                } else if (allow && state == 1) {
+                                       tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: 
tp);
                                        *(tp++) = c;
                                } else if (state == 0) {
                                        *(rp++) = c;
@@ -3379,6 +3381,7 @@
                                                br--;
                                        }
                                } else if (allow && state == 1) {
+                                       tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: 
tp);
                                        *(tp++) = c;
                                } else if (state == 0) {
                                        *(rp++) = c;
@@ -3396,6 +3399,7 @@
                                                lc = '>';
                                                state = 0;
                                                if (allow) {
+                                                       tp = ((tp-tbuf) >= 
PHP_TAG_BUF_SIZE ? tbuf: tp);
                                                        *(tp++) = '>';
                                                        *tp='\0';
                                                        if (php_tag_find(tbuf, 
tp-tbuf, allow)) {
@@ -3442,6 +3446,7 @@
                                } else if (state == 0) {
                                        *(rp++) = c;
                                } else if (allow && state == 1) {
+                                       tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: 
tp);
                                        *(tp++) = c;
                                }
                                break;
@@ -3455,11 +3460,8 @@
                                        if (state == 0) {
                                                *(rp++) = c;
                                        } else if (allow && state == 1) {
+                                               tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? 
tbuf: tp);
                                                *(tp++) = c;
-                                               if ( (tp-tbuf) >= PHP_TAG_BUF_SIZE ) {
-                                                       /* prevent buffer overflows */
-                                                       tp = tbuf;
-                                               }
                                        }
                                }
                                break;
@@ -3474,7 +3476,7 @@
 
                        case '?':
 
-                               if (state == 1 && *(p-1)=='<') { 
+                               if (state == 1 && *(p-1) == '<') { 
                                        br=0;
                                        state=2;
                                        break;
@@ -3512,10 +3514,8 @@
                                if (state == 0) {
                                        *(rp++) = c;
                                } else if (allow && state == 1) {
+                                       tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: 
tp);
                                        *(tp++) = c;
-                                       if ( (tp-tbuf) >= PHP_TAG_BUF_SIZE ) { /* no 
buffer overflows */
-                                               tp = tbuf;
-                                       }
                                } 
                                break;
                }




-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src(PHP_4_3) /ext/standard string.c

Reply via email to