moriyoshi Mon, 12 Oct 2009 14:25:51 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=289565
Log: - Bug #49785: take 3 - fixed infinite loop bug (only for 5.2) (reported by T.Komura. Thanks) Bug: http://bugs.php.net/49785 (Closed) htmlspecialchars() should check byte sequence more strictly Changed paths: U php/php-src/branches/PHP_5_2/ext/standard/html.c Modified: php/php-src/branches/PHP_5_2/ext/standard/html.c =================================================================== --- php/php-src/branches/PHP_5_2/ext/standard/html.c 2009-10-12 14:23:29 UTC (rev 289564) +++ php/php-src/branches/PHP_5_2/ext/standard/html.c 2009-10-12 14:25:51 UTC (rev 289565) @@ -484,15 +484,26 @@ } \ mbseq[mbpos++] = (mbchar); } +/* skip one byte and return */ #define MB_FAILURE(pos) do { \ + *newpos = pos + 1; \ *status = FAILURE; \ return 0; \ } while (0) #define CHECK_LEN(pos, chars_need) \ - if((str_len - (pos)) < chars_need) { \ - *status = FAILURE; \ - return 0; \ + if (chars_need < 1) { \ + if((str_len - (pos)) < chars_need) { \ + *newpos = pos; \ + *status = FAILURE; \ + return 0; \ + } \ + } else { \ + if((str_len - (pos)) < chars_need) { \ + *newpos = pos + 1; \ + *status = FAILURE; \ + return 0; \ + } \ } /* {{{ get_next_char
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
