From: Ilia Alshanetsky
Date: Wed, 1 Nov 2006 01:56:46 +0000 (+0000)
Subject: MFH: Added missing boundary checks.
X-Git-Tag: php-4.4.5RC1~50
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=42bc8e3219b0e46c3c9a2f489196a90a3646ba6d;p=php
MFH: Added missing boundary checks.
---
diff --git a/ext/standard/html.c b/ext/standard/html.c
index c22ad347a9..e27bb6aee4 100644
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -878,7 +878,7 @@ PHPAPI char *php_escape_html_entities(unsigned char *old, int oldlen, int *newle
 matches_map = 0;
- if (len + 9 > maxlen)
+ if (len + 16 > maxlen)
 replaced = erealloc (replaced, maxlen += 128);
 if (all) {
@@ -903,9 +903,15 @@ PHPAPI char *php_escape_html_entities(unsigned char *old, int oldlen, int *newle
 }
 if (matches_map) {
+ int l = strlen(rep);
+ /* increase the buffer size */
+ if (len + 2 + l >= maxlen) {
+ replaced = erealloc(replaced, maxlen += 128);
+ }
+
 replaced[len++] = '&';
 strcpy(replaced + len, rep);
- len += strlen(rep);
+ len += l;
 replaced[len++] = ';';
 }
 }
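Review bot: The new headroom value in `if (len + 16 > maxlen)` is a bare constant, and nothing in the first hunk says which write it is sized for, so a later change that lengthens a per-character write in this loop has no visible bound to update. I would add a comment above the check such as `/* reserve room for the longest write one input character can produce outside the matches_map branch */`, assuming that is what 16 covers, which the visible lines do not confirm; deriving the number from the size of the buffer it protects would be better still. The check grows `maxlen` by 128 only once, which is sufficient here only because 16 is smaller than the growth step. The body of php_escape_html_entities starts and ends outside this hunk.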
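Review bot: The guard added ahead of `strcpy(replaced + len, rep)` in the second hunk enlarges the buffer a single time by 128 bytes and never re-tests, so it holds only while `l` stays below the growth step, and nothing visible in the hunk bounds `strlen(rep)`. Making the growth depend on the length removes that hidden assumption: `while (len + 2 + l >= maxlen) replaced = erealloc(replaced, maxlen += 128);`. Since `l` is already known, `memcpy(replaced + len, rep, l);` would also make the copy explicitly bounded instead of relying on the terminator of `rep`. The tables that supply `rep` and the rest of the function are outside this hunk, so whether a long `rep` can actually occur is not something these lines show.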