Edit report at https://bugs.php.net/bug.php?id=60965&edit=1

ID: 60965
Updated by: cataphr...@php.net
Reported by: cataphr...@php.net
Summary: Buffer overflow on htmlspecialchars/entities with $double=false
-Status: Critical
+Status: Closed
Type: Bug
Package: Reproducible crash
Operating System: Any
PHP Version: 5.4SVN-2012-02-03 (SVN)
Assigned To: cataphract
Block user comment: N
Private report: N

Previous Comments:
------------------------------------------------------------------------
[2012-02-05 09:59:28] cataphr...@php.net

Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&revision=323074
Log:
- Merge r323056 (see bug #60965).

------------------------------------------------------------------------
[2012-02-04 18:12:14] cataphr...@php.net

Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&revision=323056
Log:
- Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with $double=false).
- Removed unused variable.
- Given maxlen the usual meaning of *len variables (terminator not included).
- Changed some comments.

------------------------------------------------------------------------
[2012-02-03 18:36:42] cataphr...@php.net

Yes, it is trunk/5.4 only.

------------------------------------------------------------------------
[2012-02-03 17:03:40] ras...@php.net

This is 5.4-only?

------------------------------------------------------------------------
[2012-02-03 10:48:29] cataphr...@php.net

Description:
------------
Long entities can cause a buffer overflow because the loop only guarantees 40 bytes available at the beginning.

Test script:
---------------
<?php
echo htmlspecialchars('"""""""""""""""""""""""""""""""""""""""""""""', ENT_QUOTES, 'UTF-8', false), "\n";

------------------------------------------------------------------------

--
Edit this bug report at https://bugs.php.net/bug.php?id=60965&edit=1
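The defect described above is a headroom check done once per loop iteration for a fixed amount (40 bytes) while a single replacement can be longer than what remains. The following C escaper is an added illustration of the safe pattern, not PHP's code: it reserves exactly the bytes each entity needs immediately before writing it, so a run of long entities (such as the 45 quotes in the test script) can never outgrow the buffer. The `reserve` and `escape_quotes` names are the example's own; it does not model the `$double_encode` logic, only the bounds check.

```c
/* Added example (not PHP's htmlspecialchars): escape loop that
 * re-checks buffer headroom before every write instead of once. */
#include <stdlib.h>
#include <string.h>

/* Ensure at least `need` free bytes after `used`, doubling the buffer
 * as required. Returns 0 on allocation failure. */
static int reserve(char **buf, size_t *cap, size_t used, size_t need)
{
    if (*cap - used >= need)
        return 1;
    size_t ncap = *cap ? *cap : 64;
    while (ncap - used < need)
        ncap *= 2;
    char *nb = realloc(*buf, ncap);
    if (!nb)
        return 0;
    *buf = nb;
    *cap = ncap;
    return 1;
}

/* Escape '"' as "&quot;" and '&' as "&amp;", copying other bytes as-is.
 * Each write is preceded by a reserve() for its exact length plus the
 * terminator; `*outlen` excludes the terminator. Caller frees result. */
char *escape_quotes(const char *in, size_t inlen, size_t *outlen)
{
    char *out = NULL;
    size_t cap = 0, used = 0;
    for (size_t i = 0; i < inlen; i++) {
        const char *rep;
        size_t replen;
        switch (in[i]) {
        case '"': rep = "&quot;"; replen = 6; break;
        case '&': rep = "&amp;";  replen = 5; break;
        default:  rep = &in[i];   replen = 1; break;
        }
        if (!reserve(&out, &cap, used, replen + 1)) { free(out); return NULL; }
        memcpy(out + used, rep, replen);
        used += replen;
    }
    if (!reserve(&out, &cap, used, 1)) { free(out); return NULL; }
    out[used] = '\0';
    if (outlen)
        *outlen = used;
    return out;
}
```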
ID: 60965 Updated by: cataphr...@php.net Reported by: cataphr...@php.net Summary: Buffer overflow on htmlspecialchars/entities with $double=false -Status: Critical +Status: Closed Type: Bug Package: Reproducible crash Operating System: Any PHP Version: 5.4SVN-2012-02-03 (SVN) Assigned To: cataphract Block user comment: N Private report: N Previous Comments: ------------------------------------------------------------------------ [2012-02-05 09:59:28] cataphr...@php.net Automatic comment from SVN on behalf of cataphract Revision: http://svn.php.net/viewvc/?view=revision&revision=323074 Log: - Merge r323056 (see bug #60965). ------------------------------------------------------------------------ [2012-02-04 18:12:14] cataphr...@php.net Automatic comment from SVN on behalf of cataphract Revision: http://svn.php.net/viewvc/?view=revision&revision=323056 Log: - Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with $double=false). - Removed unused variable. - Given maxlen the usual meaning of *len variables (terminator not included). - Changed some comments. ------------------------------------------------------------------------ [2012-02-03 18:36:42] cataphr...@php.net Yes, it is trunk/5.4 only. ------------------------------------------------------------------------ [2012-02-03 17:03:40] ras...@php.net This is 5.4-only? ------------------------------------------------------------------------ [2012-02-03 10:48:29] cataphr...@php.net Description: ------------ Long entities can cause a buffer overflow because the loop only guarantees 40 bytes available in beginning. Test script: --------------- <?php echo htmlspecialchars('"""""""""""""""""""""""""""""""""""""""""""""', ENT_QUOTES, 'UTF-8', false), "\n"; ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=60965&edit=1