Restore digit check in mb_decode_numericentity()
authorNikita Popov <nikita.ppv@gmail.com>
Wed, 29 Jan 2020 15:40:13 +0000 (16:40 +0100)
committerNikita Popov <nikita.ppv@gmail.com>
Thu, 30 Jan 2020 09:07:01 +0000 (10:07 +0100)
I replaced it with a multiplication overflow check in
18599f9c52959b2e8cbfac57e278644499a3547d. However, we need both,
because the code for restoring the number can't handle numbers
with many leading zeros right now and I don't feel like teaching it.

ext/mbstring/libmbfl/mbfl/mbfilter.c
ext/mbstring/tests/mb_decode_numericentity.phpt

index cec6daad945d54a3d948f5c6f53fe5016df86a3c..544eae9121d80dfbbae125d6ddf4048751da5419 100644 (file)
@@ -2554,7 +2554,7 @@ collector_decode_htmlnumericentity(int c, void *data)
                f = 0;
                if (c >= 0x30 && c <= 0x39) {   /* '0' - '9' */
                        s = pc->cache;
-                       if (s > INT_MAX/10) {
+                       if (pc->digit > 9 || s > INT_MAX/10) {
                                pc->status = 0;
                                f = 1;
                        } else {
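Review bot: The `s > INT_MAX/10` test on the changed line bounds only the multiplication by ten. If the `else` branch, which continues outside this hunk, then adds the digit value to `s*10`, a cached value of exactly `INT_MAX/10` followed by `'8'` or `'9'` would still pass the guard and exceed `INT_MAX` (assuming `s` is an `int`), a signed overflow driven by the string being decoded. Folding the digit into the bound closes that edge: `if (pc->digit > 9 || s > (INT_MAX - (c - 0x30))/10) {`. The literal `9` would also benefit from a short comment such as `/* cap digit count: the restore path cannot re-emit many leading zeros */`, since that reason currently lives only in the commit message.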
index c728e2aa6927dea4541f9465fcd1522be9f0e253..f70e26a43c3fe1cc1cd5dcec064d2f9d6526af8b 100644 (file)
@@ -19,6 +19,7 @@ echo mb_decode_numericentity('&#1000000000', $convmap), "\n";
 echo mb_decode_numericentity('&#9000000000', $convmap), "\n";
 echo mb_decode_numericentity('&#10000000000', $convmap), "\n";
 echo mb_decode_numericentity('&#100000000000', $convmap), "\n";
+echo mb_decode_numericentity('&#000000000000', $convmap), "\n";
 
 ?>
 --EXPECT--
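Review bot: The added `'&#000000000000'` case covers only an all-zero entity, so the leading-zero handling named in the commit message is pinned for a single input shape. A case with a long run of zeros followed by non-zero digits, and one whose length sits exactly at the digit-count limit, would pin the output on both sides of the `pc->digit > 9` check. Each new `echo` needs its matching line under `--EXPECT--`. The test file starts and ends outside this hunk, so `$convmap` is not visible here and the expected values have to be taken from a run.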
@@ -29,3 +30,4 @@ aŒbœcŠdše€fg
 &#9000000000
 &#10000000000
 &#100000000000
+&#000000000000