]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bc32d6b)
Added missing boundary checks.
authorIlia Alshanetsky <iliaa@php.net>
Wed, 1 Nov 2006 01:55:11 +0000 (01:55 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Wed, 1 Nov 2006 01:55:11 +0000 (01:55 +0000)
ext/standard/html.c patch | blob | history

diff --git a/ext/standard/html.c b/ext/standard/html.c
index fdb0eb4fef17bb25c605da0162e96f924fc5fdb6..f2a6f72aa1ee47059eda88e8e74f5bb044c80f1b 100644 (file)
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -1105,7 +1105,7 @@ PHPAPI char *php_escape_html_entities(unsigned char *old, int oldlen, int *newle
 
                matches_map = 0;
 
-               if (len + 9 > maxlen)
+               if (len + 16 > maxlen)
                        replaced = erealloc (replaced, maxlen += 128);
 
                if (all) {
@@ -1130,9 +1130,15 @@ PHPAPI char *php_escape_html_entities(unsigned char *old, int oldlen, int *newle
                        }
 
                        if (matches_map) {
+                               int l = strlen(rep);
+                               /* increase the buffer size */
+                               if (len + 2 + l >= maxlen) {
+                                       replaced = erealloc(replaced, maxlen += 128);
+                               }
+
                                replaced[len++] = '&';
                                strcpy(replaced + len, rep);
-                               len += strlen(rep);
+                               len += l;
                                replaced[len++] = ';';
                        }
                }
Unnamed repository; edit this file 'description' to name the repository.