-- Ondřej Surý <[EMAIL PROTECTED]>
diff -urN php-5.1.6~/ext/standard/html.c php-5.1.6/ext/standard/html.c --- php-5.1.6~/ext/standard/html.c 2006-02-25 22:32:11.000000000 +0100 +++ php-5.1.6/ext/standard/html.c 2006-11-03 12:24:36.000000000 +0100 @@ -1096,7 +1096,7 @@ matches_map = 0; - if (len + 9 > maxlen) + if (len + 16 > maxlen) replaced = erealloc (replaced, maxlen += 128); if (all) { @@ -1121,9 +1121,15 @@ } if (matches_map) { + int l = strlen(rep); + /* increase the buffer size */ + if (len + 2 + l >= maxlen) { + replaced = erealloc(replaced, maxlen += 128); + } + replaced[len++] = '&'; strcpy(replaced + len, rep); - len += strlen(rep); + len += l; replaced[len++] = ';'; } }