ID: 22301
User updated by: peter at alcor dot concordia dot ca
Reported By: peter at alcor dot concordia dot ca
Status: Open
Bug Type: Reproducible crash
Operating System: Tru64 Unix 5.1A
PHP Version: 4.3.0
New Comment:
The previous diff is for ext/standard/html.c, just in case.
Previous Comments:
------------------------------------------------------------------------
[2003-02-25 12:04:05] peter at alcor dot concordia dot ca
Surprisingly, this fixes the problem:
--- html.c.original 2002-12-12 09:52:09.000000000 -0500
+++ html.c 2003-02-25 13:01:05.000000000 -0500
@@ -827,7 +827,8 @@
{
char *str, *hint_charset = NULL;
int str_len, hint_charset_len = 0;
- int len, quote_style = ENT_COMPAT;
+ int len;
+ long quote_style = ENT_COMPAT;
char *replaced;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|ls",
&str, &str_len,
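Review bot: the `l` specifier in the `"s|ls"` format string (the line right after the hunk) stores a full C `long` through the pointer it is handed, so with `int quote_style` on an LP64 platform such as Tru64 on Alpha the store writes 8 bytes into a 4-byte slot and silently overruns whichever local the compiler placed next to it in the frame; that is why the symptom looked like an uninitialised `str`/`str_len` and a crash in get_next_char rather than a wrong quote style, and the `int` -> `long` change is the correct fix, not a coincidence. Two follow-ups: `len` is left as `int`, which is fine only as long as it is never passed to an `l` specifier, and the same `int`-for-`l` mismatch is worth grepping for across the rest of html.c and the other extensions, since every such caller has the same silent overrun on a 64-bit build.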
------------------------------------------------------------------------
[2003-02-23 23:21:40] [EMAIL PROTECTED]
Could you provide us a backtrace so we can have a better insight into
this issue?
If you are unsure how to generate a backtrace, see
http://bugs.php.net/bugs-generating-backtrace.php
Thanks for your cooperation.
------------------------------------------------------------------------
[2003-02-19 15:29:57] peter at alcor dot concordia dot ca
If htmlspecialchars is called with three parameters,
zend_parse_parameters (inside the php_html_entities function)
doesn't properly initialize the str pointer.
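The following is an added example, not code from this bug report or from PHP, that models the mechanism behind both the diagnosis above and the one-line int-to-long patch in the later comment. The `zpp_store_long` function is a hypothetical stand-in for what zend_parse_parameters does for an `l` specifier (it stores a C `long` through whatever pointer it is given); the two `frame_*` structs are a constructed model of the locals in php_html_entities, laid out in a struct so the clobbered neighbour is deterministic, and the sentinel and ENT_QUOTES value are constructed constants. On an LP64 build the `int` slot version corrupts the neighbouring `str_len`; the `long` slot version leaves it intact.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for zend_parse_parameters' handling of an "l"
 * specifier: it receives a bare pointer and stores a full C `long`
 * through it. It has no way of knowing the caller declared an int. */
static void zpp_store_long(void *dst, long value)
{
    memcpy(dst, &value, sizeof value);
}

#define SENTINEL 0x11223344   /* constructed str_len value we watch for damage */
#define ENT_QUOTES_VALUE 3    /* the quote_style the crashing script passed */

/* Constructed models of the locals in php_html_entities(). A struct
 * gives a deterministic neighbour; a real stack frame's layout is the
 * compiler's choice, which is why the crash surfaced as a bad `str`. */
struct frame_int  { int  quote_style; int str_len; };  /* before the patch */
struct frame_long { long quote_style; int str_len; };  /* after the patch  */

/* Bytes written past the end of an `int` when a `long` is stored into it
 * (4 on LP64 platforms such as Tru64 Alpha or Linux x86-64, 0 on ILP32). */
size_t bytes_overrun(void)
{
    return sizeof(long) - sizeof(int);
}

/* 1 if storing a long into the int-sized slot changed the neighbouring
 * str_len, 0 if the neighbour survived. */
int int_slot_clobbers_neighbour(void)
{
    struct frame_int f = { 0, SENTINEL };
    zpp_store_long((unsigned char *)&f + offsetof(struct frame_int, quote_style),
                   ENT_QUOTES_VALUE);
    return f.str_len != SENTINEL;
}

/* The same store into a correctly sized `long` slot: must never clobber. */
int long_slot_clobbers_neighbour(void)
{
    struct frame_long f = { 0, SENTINEL };
    zpp_store_long((unsigned char *)&f + offsetof(struct frame_long, quote_style),
                   ENT_QUOTES_VALUE);
    return f.str_len != SENTINEL;
}

int main(void)
{
    printf("sizeof(int)=%zu sizeof(long)=%zu overrun=%zu bytes\n",
           sizeof(int), sizeof(long), bytes_overrun());
    printf("int  quote_style: neighbour clobbered = %d\n",
           int_slot_clobbers_neighbour());
    printf("long quote_style: neighbour clobbered = %d\n",
           long_slot_clobbers_neighbour());
    return 0;
}
```

The store is done with memcpy rather than a `long *` dereference so the overrun is well-defined and visible regardless of endianness: on little-endian LP64 the neighbour becomes 0, on big-endian it becomes 3, and either way it is no longer the value the caller set. The same check applies to any other extension variable handed to an `l` specifier.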
------------------------------------------------------------------------
[2003-02-19 11:36:55] peter at alcor dot concordia dot ca
This code crashes Apache on Tru64 Unix version 5.1A:
<?php
echo htmlspecialchars("That crashes Apache", ENT_QUOTES,
"ISO-8859-1");
?>
(dbx) run -X -f /pubmail/apache/conf/httpd.conf
Unaligned access pid=148971 <httpd> va=0x14009ff7c
pc=0x1200f6c08 ra=0x120111e90 inst=0xb4290000
Unaligned access pid=148971 <httpd> va=0x14009ff7c
pc=0x1200f6c08 ra=0x120111e90 inst=0xb4290000
Unaligned access pid=148971 <httpd> va=0x11fff965c
pc=0x1201164c0 ra=0x120116e8c inst=0xb42d0000
signal Segmentation fault at [get_next_char:6 +0xfdc,0x12018a7ec]
(dbx)
I suspect it's 64-bit cleanness-related.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=22301&edit=1