MFB: Added missing boundary checks.
authorIlia Alshanetsky <iliaa@php.net>
Wed, 1 Nov 2006 01:56:21 +0000 (01:56 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Wed, 1 Nov 2006 01:56:21 +0000 (01:56 +0000)
ext/standard/html.c

index f276fa9f10b1b0428eff40a4aa903f710d5b6ebf..03b55ef5e8755349fc9a58f4002a0d478a066823 100644 (file)
@@ -1107,7 +1107,7 @@ PHPAPI char *php_escape_html_entities(char *orig, int oldlen, int *newlen, int a
 
                matches_map = 0;
 
-               if (len + 9 > maxlen)
+               if (len + 16 > maxlen)
                        replaced = erealloc (replaced, maxlen += 128);
 
                if (all) {
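Review bot: The slack value in `if (len + 16 > maxlen)` is a bare number, and nothing on the line ties it to the longest sequence one pass of the loop can append to `replaced`. A later change to the escaping branches could therefore outgrow it without anyone noticing, which is the same class of problem this commit fixes. I would add a comment such as `/* 16 = worst-case bytes appended per input character by the branches below; the entity-map branch checks its own length */`, or promote the value to a named constant. The branches that determine the real worst case lie outside this hunk, so the figure should be confirmed against them.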
@@ -1132,9 +1132,15 @@ PHPAPI char *php_escape_html_entities(char *orig, int oldlen, int *newlen, int a
                        }
 
                        if (matches_map) {
+                               int l = strlen(rep);
+                               /* increase the buffer size */
+                               if (len + 2 + l >= maxlen) {
+                                       replaced = erealloc(replaced, maxlen += 128);
+                               }
+
                                replaced[len++] = '&';
                                strcpy(replaced + len, rep);
-                               len += strlen(rep);
+                               len += l;
                                replaced[len++] = ';';
                        }
                }
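Review bot: The new guard in the `matches_map` branch grows `replaced` by a fixed 128 bytes however long `rep` is, so the `strcpy` that follows is only in bounds while `l + 2` fits in that increment. Entity names are presumably short table entries, which would make this safe today, but the bound is implicit; sizing the growth from the length makes it hold by construction: `replaced = erealloc(replaced, maxlen += 128 + l);`. Since `l` is already known, `memcpy(replaced + len, rep, l);` would also avoid writing a terminator that the `;` then overwrites. `strlen` returns `size_t`, so `int l` narrows, and the declarations of `len` and `maxlen` are outside the hunk, so whether these sums can overflow on very large input cannot be judged from here.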