Edit report at https://bugs.php.net/bug.php?id=60965&edit=1
ID:                 60965
Updated by:         cataphr...@php.net
Reported by:        cataphr...@php.net
Summary:            Buffer overflow on htmlspecialchars/entities with $double=false
-Status:            Open
+Status:            Critical
Type:               Bug
Package:            Reproducible crash
Operating System:   Any
PHP Version:        5.4SVN-2012-02-03 (SVN)
-Assigned To:
+Assigned To:       cataphract
Block user comment: N
Private report:     N

Previous Comments:
------------------------------------------------------------------------
[2012-02-03 10:48:29] cataphr...@php.net

Description:
------------
Long entities can cause a buffer overflow because the loop only guarantees 40 bytes available in beginning.

Test script:
---------------
<?php

echo htmlspecialchars('"""""""""""""""""""""""""""""""""""""""""""""', ENT_QUOTES, 'UTF-8', false), "\n";

------------------------------------------------------------------------
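The flaw class named in the description, shown as an added C model (not PHP's source code and not part of the original report): an escaping loop that guarantees a fixed 40 bytes of headroom per iteration and then copies an existing entity of arbitrary length. The function names, the growth step and the sample input are assumptions made for the illustration; the flawed mode returns NULL at the point where the copy would pass the end of the buffer rather than performing it.

```c
#include <stdlib.h>
#include <string.h>
#define HEADROOM ((size_t)40) /* bytes guaranteed free at the top of each iteration */

/* Length of an "&...;" token at s, or 0. Simplified: the name is not validated. */
static size_t entity_len(const char *s, size_t n) {
    if (n == 0 || s[0] != '&') return 0;
    for (size_t i = 1; i < n && s[i] != '&' && s[i] != ' '; i++)
        if (s[i] == ';') return i + 1;
    return 0;
}

/* Escape `in`, copying existing entities verbatim (the $double=false path).
   size_tokens == 0 checks only the fixed headroom and returns NULL where the copy
   would pass the end of the buffer; nonzero grows the buffer to fit the token. */
char *escape(const char *in, int size_tokens) {
    size_t n = strlen(in), cap = n + HEADROOM, len = 0, i = 0;
    char *out = malloc(cap + 1), *tmp;
    if (!out) return NULL;
    while (i < n) {
        size_t e = entity_len(in + i, n - i), w = e ? e : 1;
        const char *src = in + i;
        if (!e && in[i] == '"') { src = "&quot;"; w = 6; }
        if (!e && in[i] == '&') { src = "&amp;"; w = 5; }
        size_t need = (size_tokens && w > HEADROOM) ? w : HEADROOM;
        if (cap - len < need) { /* top-of-loop growth check */
            cap = len + need + HEADROOM; /* growth step is an assumption */
            if (!(tmp = realloc(out, cap + 1))) { free(out); return NULL; }
            out = tmp;
        }
        if (w > cap - len) { free(out); return NULL; } /* would overflow here */
        memcpy(out + len, src, w);
        len += w;
        i += e ? e : 1;
    }
    out[len] = '\0';
    return out;
}

/* Constructed sample: `quotes` double quotes, then one entity of `ent` bytes (ent >= 2). */
char *sample(size_t quotes, size_t ent) {
    char *s = calloc(quotes + ent + 1, 1);
    if (!s) return NULL;
    memset(s, '"', quotes);
    memset(s + quotes, 'a', ent);
    s[quotes] = '&';
    s[quotes + ent - 1] = ';';
    return s;
}
```

With `sample(45, 100)` the expanding quotes use up the initial slack, so the headroom check passes with fewer than 100 bytes free when the entity is reached; sizing the check by the token length removes the gap.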