Edit report at https://bugs.php.net/bug.php?id=60965&edit=1
ID: 60965
User updated by: khalid at istartus dot com
Reported by: khalid at istartus dot com
Summary: Buffer overflow on htmlspecialchars/entities with $double=false
-Status: Closed
+Status: Assigned
Type: Bug
Package: Reproducible crash
Operating System: Any
PHP Version: 5.4SVN-2012-02-03 (SVN)
Assigned To: cataphract
Block user comment: N
Private report: N
New Comment:
hi
Previous Comments:
------------------------------------------------------------------------
[2012-02-05 09:59:28] [email protected]
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&revision=323074
Log: - Merge r323056 (see bug #60965).
------------------------------------------------------------------------
[2012-02-04 18:12:14] [email protected]
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&revision=323056
Log: - Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
$double=false).
- Removed unused variable.
- Given maxlen the usual meaning of *len variables (terminator not included).
- Changed some comments.
------------------------------------------------------------------------
[2012-02-03 18:36:42] [email protected]
Yes, it is trunk/5.4 only.
------------------------------------------------------------------------
[2012-02-03 17:03:40] [email protected]
This is 5.4-only?
------------------------------------------------------------------------
[2012-02-03 10:48:29] khalid at istartus dot com
Description:
------------
Long entities can cause a buffer overflow because the loop only guarantees 40
bytes available in the beginning.
Test script:
---------------
<?php
echo
htmlspecialchars('"""""""""""""""""""""""""""""""""""""""""""""',
ENT_QUOTES, 'UTF-8', false), "\n";
------------------------------------------------------------------------
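An added illustration of the pattern the report describes, not PHP's own source: a simplified C escaper in which a fixed 40-byte headroom check covers the short replacements, while an existing entity copied through verbatim (double encoding off) reserves its actual length first. The names reserve, entity_len and escape_no_double, the entity-matching rule and the growth sizes are assumptions made for this example; maxlen excludes the terminator, as in the fix log above.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define HEADROOM 40 /* fixed per-iteration guarantee, the figure from the report */

/* Grow *buf so `need` more bytes fit after `len`; *maxlen excludes the NUL. */
static int reserve(char **buf, size_t len, size_t *maxlen, size_t need)
{
    if (*maxlen - len >= need) return 0;
    size_t newmax = len + need + 128;     /* growth step is an assumption */
    char *p = realloc(*buf, newmax + 1);  /* +1: terminator lives outside maxlen */
    if (!p) return -1;
    *buf = p; *maxlen = newmax;
    return 0;
}

/* Length of "&name;" or "&#123;" at s (s[0] == '&'), or 0 if none. Simplified rule. */
static size_t entity_len(const char *s)
{
    size_t i = 1;
    while (isalnum((unsigned char)s[i]) || s[i] == '#') i++;
    return (i > 1 && s[i] == ';') ? i + 1 : 0;
}

/* Escape with double encoding off: existing entities pass through unchanged. */
char *escape_no_double(const char *in)
{
    size_t len = 0, maxlen = 128, n;
    char *out = malloc(maxlen + 1);
    if (!out) return NULL;
    for (const char *p = in; *p; p++) {
        const char *rep = NULL;
        /* Re-checked on every iteration; enough for the short replacements below. */
        if (reserve(&out, len, &maxlen, HEADROOM)) { free(out); return NULL; }
        if (*p == '&' && (n = entity_len(p)) != 0) {
            /* Entity length is input-controlled, so HEADROOM is not a bound here. */
            if (reserve(&out, len, &maxlen, n)) { free(out); return NULL; }
            memcpy(out + len, p, n); len += n; p += n - 1;
            continue;
        }
        switch (*p) {
        case '&': rep = "&amp;"; break;   case '"':  rep = "&quot;"; break;
        case '<': rep = "&lt;"; break;    case '>':  rep = "&gt;"; break;
        case '\'': rep = "&#039;"; break;
        }
        if (rep) { n = strlen(rep); memcpy(out + len, rep, n); len += n; }
        else out[len++] = *p;
    }
    out[len] = '\0';
    return out;
}
```

Dropping the second reserve call turns the memcpy into an out-of-bounds write for any entity longer than the remaining headroom, which is the condition the report's description names.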