[PHP-CVS] com php-src: truncate results at depth of 255 to prevent corruption: ext/xml/xml.c
Commit:fd803718df0aa413fd8c47eaa030fcc61f3feb28
Author:Rob Richards rricha...@php.net Sat, 6 Jul 2013 07:53:07
-0400
Committer: Johannes Schlüter johan...@php.net Wed, 10 Jul 2013 19:40:44
+0200
Parents: 55c279ed3fd6de8ce4d9d16d98ae7bce1a8b73fa
Branches: PHP-5.3.27
Link:
http://git.php.net/?p=php-src.git;a=commitdiff;h=fd803718df0aa413fd8c47eaa030fcc61f3feb28
Log:
truncate results at depth of 255 to prevent corruption
Changed paths:
M ext/xml/xml.c
Diff:
diff --git a/ext/xml/xml.c b/ext/xml/xml.c
index 1f0480b..9f0bc30 100644
--- a/ext/xml/xml.c
+++ b/ext/xml/xml.c
@@ -427,7 +427,7 @@ static void xml_parser_dtor(zend_rsrc_list_entry *rsrc
TSRMLS_DC)
}
if (parser-ltags) {
int inx;
- for (inx = 0; inx parser-level; inx++)
+ for (inx = 0; ((inx parser-level) (inx XML_MAXLEVEL));
inx++)
efree(parser-ltags[ inx ]);
efree(parser-ltags);
}
@@ -905,45 +905,50 @@ void _xml_startElementHandler(void *userData, const
XML_Char *name, const XML_Ch
}
if (parser-data) {
- zval *tag, *atr;
- int atcnt = 0;
+ if (parser-level = XML_MAXLEVEL) {
+ zval *tag, *atr;
+ int atcnt = 0;
- MAKE_STD_ZVAL(tag);
- MAKE_STD_ZVAL(atr);
+ MAKE_STD_ZVAL(tag);
+ MAKE_STD_ZVAL(atr);
- array_init(tag);
- array_init(atr);
+ array_init(tag);
+ array_init(atr);
- _xml_add_to_info(parser,((char *) tag_name) +
parser-toffset);
+ _xml_add_to_info(parser,((char *) tag_name) +
parser-toffset);
- add_assoc_string(tag,tag,((char *) tag_name) +
parser-toffset,1); /* cast to avoid gcc-warning */
- add_assoc_string(tag,type,open,1);
- add_assoc_long(tag,level,parser-level);
+ add_assoc_string(tag,tag,((char *) tag_name)
+ parser-toffset,1); /* cast to avoid gcc-warning */
+ add_assoc_string(tag,type,open,1);
+ add_assoc_long(tag,level,parser-level);
- parser-ltags[parser-level-1] = estrdup(tag_name);
- parser-lastwasopen = 1;
+ parser-ltags[parser-level-1] =
estrdup(tag_name);
+ parser-lastwasopen = 1;
- attributes = (const XML_Char **) attrs;
+ attributes = (const XML_Char **) attrs;
- while (attributes *attributes) {
- att = _xml_decode_tag(parser, attributes[0]);
- val = xml_utf8_decode(attributes[1],
strlen(attributes[1]), val_len, parser-target_encoding);
-
- add_assoc_stringl(atr,att,val,val_len,0);
+ while (attributes *attributes) {
+ att = _xml_decode_tag(parser,
attributes[0]);
+ val = xml_utf8_decode(attributes[1],
strlen(attributes[1]), val_len, parser-target_encoding);
- atcnt++;
- attributes += 2;
+
add_assoc_stringl(atr,att,val,val_len,0);
- efree(att);
- }
+ atcnt++;
+ attributes += 2;
- if (atcnt) {
-
zend_hash_add(Z_ARRVAL_P(tag),attributes,sizeof(attributes),atr,sizeof(zval*),NULL);
- } else {
- zval_ptr_dtor(atr);
- }
+ efree(att);
+ }
+
+ if (atcnt) {
+
zend_hash_add(Z_ARRVAL_P(tag),attributes,sizeof(attributes),atr,sizeof(zval*),NULL);
+ } else {
+ zval_ptr_dtor(atr);
+ }
-
zend_hash_next_index_insert(Z_ARRVAL_P(parser-data),tag,sizeof(zval*),(void
*) parser-ctag);
+
zend_hash_next_index_insert(Z_ARRVAL_P(parser-data),tag,sizeof(zval*),(void
*) parser-ctag);
+ } else if (parser-level == (XML_MAXLEVEL + 1)) {
+ TSRMLS_FETCH();
+ php_error_docref(NULL TSRMLS_CC, E_WARNING,
[PHP-CVS] com php-src: truncate results at depth of 255 to prevent corruption: ext/xml/xml.c
Commit:7d163e8a0880ae8af2dd869071393e5dc07ef271
Author:Rob Richards rricha...@php.net Sat, 6 Jul 2013 07:53:07
-0400
Parents: e964817b244d091dc38f59f5d7f1735110b698af
Branches: PHP-5.3 PHP-5.4 PHP-5.5 master
Link:
http://git.php.net/?p=php-src.git;a=commitdiff;h=7d163e8a0880ae8af2dd869071393e5dc07ef271
Log:
truncate results at depth of 255 to prevent corruption
Changed paths:
M ext/xml/xml.c
Diff:
diff --git a/ext/xml/xml.c b/ext/xml/xml.c
index 1f0480b..9f0bc30 100644
--- a/ext/xml/xml.c
+++ b/ext/xml/xml.c
@@ -427,7 +427,7 @@ static void xml_parser_dtor(zend_rsrc_list_entry *rsrc
TSRMLS_DC)
}
if (parser-ltags) {
int inx;
- for (inx = 0; inx parser-level; inx++)
+ for (inx = 0; ((inx parser-level) (inx XML_MAXLEVEL));
inx++)
efree(parser-ltags[ inx ]);
efree(parser-ltags);
}
@@ -905,45 +905,50 @@ void _xml_startElementHandler(void *userData, const
XML_Char *name, const XML_Ch
}
if (parser-data) {
- zval *tag, *atr;
- int atcnt = 0;
+ if (parser-level = XML_MAXLEVEL) {
+ zval *tag, *atr;
+ int atcnt = 0;
- MAKE_STD_ZVAL(tag);
- MAKE_STD_ZVAL(atr);
+ MAKE_STD_ZVAL(tag);
+ MAKE_STD_ZVAL(atr);
- array_init(tag);
- array_init(atr);
+ array_init(tag);
+ array_init(atr);
- _xml_add_to_info(parser,((char *) tag_name) +
parser-toffset);
+ _xml_add_to_info(parser,((char *) tag_name) +
parser-toffset);
- add_assoc_string(tag,tag,((char *) tag_name) +
parser-toffset,1); /* cast to avoid gcc-warning */
- add_assoc_string(tag,type,open,1);
- add_assoc_long(tag,level,parser-level);
+ add_assoc_string(tag,tag,((char *) tag_name)
+ parser-toffset,1); /* cast to avoid gcc-warning */
+ add_assoc_string(tag,type,open,1);
+ add_assoc_long(tag,level,parser-level);
- parser-ltags[parser-level-1] = estrdup(tag_name);
- parser-lastwasopen = 1;
+ parser-ltags[parser-level-1] =
estrdup(tag_name);
+ parser-lastwasopen = 1;
- attributes = (const XML_Char **) attrs;
+ attributes = (const XML_Char **) attrs;
- while (attributes *attributes) {
- att = _xml_decode_tag(parser, attributes[0]);
- val = xml_utf8_decode(attributes[1],
strlen(attributes[1]), val_len, parser-target_encoding);
-
- add_assoc_stringl(atr,att,val,val_len,0);
+ while (attributes *attributes) {
+ att = _xml_decode_tag(parser,
attributes[0]);
+ val = xml_utf8_decode(attributes[1],
strlen(attributes[1]), val_len, parser-target_encoding);
- atcnt++;
- attributes += 2;
+
add_assoc_stringl(atr,att,val,val_len,0);
- efree(att);
- }
+ atcnt++;
+ attributes += 2;
- if (atcnt) {
-
zend_hash_add(Z_ARRVAL_P(tag),attributes,sizeof(attributes),atr,sizeof(zval*),NULL);
- } else {
- zval_ptr_dtor(atr);
- }
+ efree(att);
+ }
+
+ if (atcnt) {
+
zend_hash_add(Z_ARRVAL_P(tag),attributes,sizeof(attributes),atr,sizeof(zval*),NULL);
+ } else {
+ zval_ptr_dtor(atr);
+ }
-
zend_hash_next_index_insert(Z_ARRVAL_P(parser-data),tag,sizeof(zval*),(void
*) parser-ctag);
+
zend_hash_next_index_insert(Z_ARRVAL_P(parser-data),tag,sizeof(zval*),(void
*) parser-ctag);
+ } else if (parser-level == (XML_MAXLEVEL + 1)) {
+ TSRMLS_FETCH();
+ php_error_docref(NULL TSRMLS_CC, E_WARNING,
Maximum depth exceeded - Results truncated);
+
