. Fixed bug #74947 (Segfault in scanner on INF number). (Laruence)
. Fixed bug #74954 (null deref and segfault in zend_generator_resume()). (Bob)
+- Mbstring:
+ . Fixed bug #71606 (Segmentation fault mb_strcut with HTML-ENTITIES encoding).
+ (cmb)
+
- MySQLi:
. Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with
an abstract class). (Anatol)
mbfl_filt_conv_html_dec_ctor,
mbfl_filt_conv_html_dec_dtor,
mbfl_filt_conv_html_dec,
- mbfl_filt_conv_html_dec_flush };
+ mbfl_filt_conv_html_dec_flush,
+ mbfl_filt_conv_html_dec_copy };
#define CK(statement) do { if ((statement) < 0) return (-1); } while (0)
return err;
}
-
+void mbfl_filt_conv_html_dec_copy(mbfl_convert_filter *src, mbfl_convert_filter *dest)
+{
+ *dest = *src;
+ dest->opaque = mbfl_malloc(html_enc_buffer_size+1);
+ memcpy(dest->opaque, src->opaque, html_enc_buffer_size+1);
+}
int mbfl_filt_conv_html_enc_flush(mbfl_convert_filter *filter);
int mbfl_filt_conv_html_dec(int c, mbfl_convert_filter *filter);
int mbfl_filt_conv_html_dec_flush(mbfl_convert_filter *filter);
+void mbfl_filt_conv_html_dec_copy(mbfl_convert_filter *src, mbfl_convert_filter *dest);
void mbfl_filt_conv_html_dec_ctor(mbfl_convert_filter *filter);
void mbfl_filt_conv_html_dec_dtor(mbfl_convert_filter *filter);
--- /dev/null
+--TEST--
+Bug #71606 (Segmentation fault mb_strcut + mb_list_encodings)
+--SKIPIF--
+<?php
+if (!extension_loaded('mbstring')) die('skip ext/mbstring not available');
+?>
+--FILE--
+<?php
+echo mb_strcut('"', 0, 0, 'HTML-ENTITIES');
+echo 'DONE', PHP_EOL;
+?>
+--EXPECT--
+DONE
projects / php / commitdiff