moriyoshi                                Mon, 12 Oct 2009 14:25:51 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=289565

Log:
- Bug #49785: take 3 - fixed infinite loop bug (only for 5.2) (reported by 
T.Komura. Thanks)

Bug: http://bugs.php.net/49785 (Closed) htmlspecialchars() should check byte 
sequence more strictly
      
Changed paths:
    U   php/php-src/branches/PHP_5_2/ext/standard/html.c

Modified: php/php-src/branches/PHP_5_2/ext/standard/html.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/standard/html.c    2009-10-12 14:23:29 UTC 
(rev 289564)
+++ php/php-src/branches/PHP_5_2/ext/standard/html.c    2009-10-12 14:25:51 UTC 
(rev 289565)
@@ -484,15 +484,26 @@
                        }                        \
                        mbseq[mbpos++] = (mbchar); }

+/* skip one byte and return */
 #define MB_FAILURE(pos) do { \
+       *newpos = pos + 1; \
        *status = FAILURE; \
        return 0; \
 } while (0)

 #define CHECK_LEN(pos, chars_need)                     \
-       if((str_len - (pos)) < chars_need) {    \
-               *status = FAILURE;                                      \
-               return 0;                                                       
\
+       if (chars_need < 1) {                                           \
+               if((str_len - (pos)) < chars_need) {    \
+                       *newpos = pos;                                          
\
+                       *status = FAILURE;                                      
\
+                       return 0;                                               
        \
+               }                                                               
                \
+       } else {                                                                
        \
+               if((str_len - (pos)) < chars_need) {    \
+                       *newpos = pos + 1;                                      
\
+                       *status = FAILURE;                                      
\
+                       return 0;                                               
        \
+               }                                                               
                \
        }

 /* {{{ get_next_char

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to