Commit:    7d163e8a0880ae8af2dd869071393e5dc07ef271
Author:    Rob Richards <rricha...@php.net>         Sat, 6 Jul 2013 07:53:07 
-0400
Parents:   e964817b244d091dc38f59f5d7f1735110b698af
Branches:  PHP-5.3 PHP-5.4 PHP-5.5 master

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=7d163e8a0880ae8af2dd869071393e5dc07ef271

Log:
truncate results at depth of 255 to prevent corruption

Changed paths:
  M  ext/xml/xml.c


Diff:
diff --git a/ext/xml/xml.c b/ext/xml/xml.c
index 1f0480b..9f0bc30 100644
--- a/ext/xml/xml.c
+++ b/ext/xml/xml.c
@@ -427,7 +427,7 @@ static void xml_parser_dtor(zend_rsrc_list_entry *rsrc 
TSRMLS_DC)
        }
        if (parser->ltags) {
                int inx;
-               for (inx = 0; inx < parser->level; inx++)
+               for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); 
inx++)
                        efree(parser->ltags[ inx ]);
                efree(parser->ltags);
        }
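Review bot: The clamp added to this loop has no comment explaining why `parser->level` can be larger than the number of `ltags` slots that were actually filled. The start-handler hunk in this commit writes `parser->ltags[parser->level-1]` only while `parser->level <= XML_MAXLEVEL`, yet the level evidently keeps counting past that, so the destructor has to stop at `XML_MAXLEVEL`. A one-line comment above the loop would record this, e.g. `/* level may exceed XML_MAXLEVEL; only the first XML_MAXLEVEL ltags slots are ever populated */`. The allocation of `ltags` is outside the hunk, so it is worth confirming that it holds at least `XML_MAXLEVEL` entries.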
@@ -905,45 +905,50 @@ void _xml_startElementHandler(void *userData, const 
XML_Char *name, const XML_Ch
                } 
 
                if (parser->data) {
-                       zval *tag, *atr;
-                       int atcnt = 0;
+                       if (parser->level <= XML_MAXLEVEL)  {
+                               zval *tag, *atr;
+                               int atcnt = 0;
 
-                       MAKE_STD_ZVAL(tag);
-                       MAKE_STD_ZVAL(atr);
+                               MAKE_STD_ZVAL(tag);
+                               MAKE_STD_ZVAL(atr);
 
-                       array_init(tag);
-                       array_init(atr);
+                               array_init(tag);
+                               array_init(atr);
 
-                       _xml_add_to_info(parser,((char *) tag_name) + 
parser->toffset);
+                               _xml_add_to_info(parser,((char *) tag_name) + 
parser->toffset);
 
-                       add_assoc_string(tag,"tag",((char *) tag_name) + 
parser->toffset,1); /* cast to avoid gcc-warning */
-                       add_assoc_string(tag,"type","open",1);
-                       add_assoc_long(tag,"level",parser->level);
+                               add_assoc_string(tag,"tag",((char *) tag_name) 
+ parser->toffset,1); /* cast to avoid gcc-warning */
+                               add_assoc_string(tag,"type","open",1);
+                               add_assoc_long(tag,"level",parser->level);
 
-                       parser->ltags[parser->level-1] = estrdup(tag_name);
-                       parser->lastwasopen = 1;
+                               parser->ltags[parser->level-1] = 
estrdup(tag_name);
+                               parser->lastwasopen = 1;
 
-                       attributes = (const XML_Char **) attrs;
+                               attributes = (const XML_Char **) attrs;
 
-                       while (attributes && *attributes) {
-                               att = _xml_decode_tag(parser, attributes[0]);
-                               val = xml_utf8_decode(attributes[1], 
strlen(attributes[1]), &val_len, parser->target_encoding);
-                               
-                               add_assoc_stringl(atr,att,val,val_len,0);
+                               while (attributes && *attributes) {
+                                       att = _xml_decode_tag(parser, 
attributes[0]);
+                                       val = xml_utf8_decode(attributes[1], 
strlen(attributes[1]), &val_len, parser->target_encoding);
 
-                               atcnt++;
-                               attributes += 2;
+                                       
add_assoc_stringl(atr,att,val,val_len,0);
 
-                               efree(att);
-                       }
+                                       atcnt++;
+                                       attributes += 2;
 
-                       if (atcnt) {
-                               
zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL);
-                       } else {
-                               zval_ptr_dtor(&atr);
-                       }
+                                       efree(att);
+                               }
+
+                               if (atcnt) {
+                                       
zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL);
+                               } else {
+                                       zval_ptr_dtor(&atr);
+                               }
 
-                       
zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void 
*) &parser->ctag);
+                               
zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void 
*) &parser->ctag);
+                       } else if (parser->level == (XML_MAXLEVEL + 1)) {
+                               TSRMLS_FETCH();
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"Maximum depth exceeded - Results truncated");
+                       }
                }
 
                efree(tag_name);
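Review bot: The warning in the new `else if (parser->level == (XML_MAXLEVEL + 1))` branch is not limited to once per parse. It fires for every element opened at that depth, and the `_xml_characterDataHandler` hunk repeats the same branch, so a single over-deep element that contains text can warn twice. For documents the caller does not control, one input can therefore produce a large volume of E_WARNING output. Consider a per-parser flag that is set the first time the warning is raised and checked before raising it again; the parser struct is outside the hunk, so the field would have to be added there. The duplicated warning block could also move into one small static helper shared by both handlers.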
@@ -995,7 +1000,7 @@ void _xml_endElementHandler(void *userData, const XML_Char 
*name)
 
                efree(tag_name);
 
-               if (parser->ltags) {
+               if ((parser->ltags) && (parser->level <= XML_MAXLEVEL)) {
                        efree(parser->ltags[parser->level-1]);
                }
 
@@ -1079,18 +1084,23 @@ void _xml_characterDataHandler(void *userData, const 
XML_Char *s, int len)
                                                }
                                        }
 
-                                       MAKE_STD_ZVAL(tag);
-                                       
-                                       array_init(tag);
-                                       
-                                       
_xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset);
+                                       if (parser->level <= XML_MAXLEVEL) {
+                                               MAKE_STD_ZVAL(tag);
 
-                                       
add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1);
-                                       
add_assoc_string(tag,"value",decoded_value,0);
-                                       add_assoc_string(tag,"type","cdata",1);
-                                       
add_assoc_long(tag,"level",parser->level);
+                                               array_init(tag);
 
-                                       
zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL);
+                                               
_xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset);
+
+                                               
add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1);
+                                               
add_assoc_string(tag,"value",decoded_value,0);
+                                               
add_assoc_string(tag,"type","cdata",1);
+                                               
add_assoc_long(tag,"level",parser->level);
+
+                                               
zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL);
+                                       } else if (parser->level == 
(XML_MAXLEVEL + 1)) {
+                                               TSRMLS_FETCH();
+                                               php_error_docref(NULL 
TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated");
+                                       }
                                }
                        } else {
                                efree(decoded_value);
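Review bot: When `parser->level` is above `XML_MAXLEVEL`, `decoded_value` appears to be leaked by the new branch. In the in-range path ownership passes to the array through `add_assoc_string(tag,"value",decoded_value,0)`, and the outer `else` calls `efree(decoded_value)`, but the depth-exceeded path does neither. An unconditional `efree(decoded_value);` for every case where the `parser->level <= XML_MAXLEVEL` test fails, not only the `XML_MAXLEVEL + 1` case that warns, would close this. The guard also puts no lower bound on `parser->level` before indexing `parser->ltags[parser->level-1]`; whether the level can be 0 here depends on code outside the hunk. The function body begins and ends outside the hunk, so the leak should be confirmed against the full handler.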

