MFH: Added missing boundary checks.

author Ilia Alshanetsky <iliaa@php.net>

Wed, 1 Nov 2006 01:56:46 +0000 (01:56 +0000)

committer Ilia Alshanetsky <iliaa@php.net>

Wed, 1 Nov 2006 01:56:46 +0000 (01:56 +0000)
author Ilia Alshanetsky <iliaa@php.net>
Wed, 1 Nov 2006 01:56:46 +0000 (01:56 +0000)
committer Ilia Alshanetsky <iliaa@php.net>
Wed, 1 Nov 2006 01:56:46 +0000 (01:56 +0000)
diff --git a/ext/standard/html.c b/ext/standard/html.c

index c22ad347a9b85459f64f08584fcdf31a12148230..e27bb6aee4945c92803c7e8748151632b5873886 100644 (file)
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -878,7 +878,7 @@ PHPAPI char *php_escape_html_entities(unsigned char *old, int oldlen, int *newle
  
                 matches_map = 0;
  
-               if (len + 9 > maxlen)
+               if (len + 16 > maxlen)
                         replaced = erealloc (replaced, maxlen += 128);
  
                 if (all) {
@@ -903,9 +903,15 @@ PHPAPI char *php_escape_html_entities(unsigned char *old, int oldlen, int *newle
                         }
  
                         if (matches_map) {
+                               int l = strlen(rep);
+                               /* increase the buffer size */
+                               if (len + 2 + l >= maxlen) {
+                                       replaced = erealloc(replaced, maxlen += 128);
+                               }
+
                                 replaced[len++] = '&';
                                 strcpy(replaced + len, rep);
-                               len += strlen(rep);
+                               len += l;
                                 replaced[len++] = ';';
                         }
                 }
author	Ilia Alshanetsky <iliaa@php.net>
	Wed, 1 Nov 2006 01:56:46 +0000 (01:56 +0000)
committer	Ilia Alshanetsky <iliaa@php.net>
	Wed, 1 Nov 2006 01:56:46 +0000 (01:56 +0000)