From: Ilia Alshanetsky Date: Wed, 1 Nov 2006 01:56:21 +0000 (+0000) Subject: MFB: Added missing boundary checks. X-Git-Tag: RELEASE_1_0_0RC1~1157 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3482d768231cb2302a991c49fb7398ce94e84470;p=php MFB: Added missing boundary checks.
---
diff --git a/ext/standard/html.c b/ext/standard/html.c
index f276fa9f10..03b55ef5e8 100644
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -1107,7 +1107,7 @@ PHPAPI char *php_escape_html_entities(char *orig, int oldlen, int *newlen, int a
 matches_map = 0;
- if (len + 9 > maxlen)
+ if (len + 16 > maxlen)
 replaced = erealloc (replaced, maxlen += 128);
 if (all) {
@@ -1132,9 +1132,15 @@ PHPAPI char *php_escape_html_entities(char *orig, int oldlen, int *newlen, int a
 }
 if (matches_map) {
+ int l = strlen(rep);
+ /* increase the buffer size */
+ if (len + 2 + l >= maxlen) {
+ replaced = erealloc(replaced, maxlen += 128);
+ }
+
 replaced[len++] = '&';
 strcpy(replaced + len, rep);
- len += strlen(rep);
+ len += l;
 replaced[len++] = ';';
 }
 }
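Review bot: The headroom constant in `if (len + 16 > maxlen)` is a bare magic number, and nothing in the first hunk says which write it is sized for, so a later change that appends more per iteration without its own check would bring the overrun back. I would document it at the check, e.g. `/* reserve room for the largest append made below without its own bounds check */`, or tie it to the size of whatever buffer it mirrors, which is not visible here. Separately, `maxlen += 128` here and in the second hunk is presumably signed `int` arithmetic (the signature takes `int oldlen`), so a guard such as `if (maxlen > INT_MAX - 128)` before growing would stop the size passed to `erealloc` from wrapping on very large input. The enclosing loop starts and ends outside the hunk.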
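Review bot: The guard added in the second hunk grows the buffer by a fixed 128 bytes exactly once, so `strcpy(replaced + len, rep)` can still write out of bounds whenever `l` exceeds the slack that single step provides. The new size should be derived from `l`, e.g. `replaced = erealloc(replaced, maxlen = len + l + 128);` inside the `if`. This is probably unreachable if `rep` only ever points at short built-in entity names, but the hunk does not show where `rep` is assigned, so the bounds check should not depend on that. Since the length is already known, `memcpy(replaced + len, rep, l);` would also avoid the second scan of `rep`. `int l = strlen(rep);` narrows a `size_t` silently and deserves a comment or an explicit cast.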