From: Moriyoshi Koizumi Date: Thu, 16 Oct 2008 01:01:05 +0000 (+0000) Subject: - Fix bug #45722 (mb_check_encoding() crashes). X-Git-Tag: BEFORE_HEAD_NS_CHANGE~219 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=43e12e6bb15210f0a3f8ab4d995200d01686e506;p=php - Fix bug #45722 (mb_check_encoding() crashes). --- diff --git a/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c b/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c index 40c24c3424..6c6654a1b9 100644 --- a/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c +++ b/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c @@ -232,8 +232,7 @@ int mbfl_filt_conv_html_dec(int c, mbfl_convert_filter *filter) mbfl_filt_conv_html_dec_flush(filter); if (c=='&') { - filter->status = 1; - buffer[0] = '&'; + buffer[filter->status++] = '&'; } } } @@ -244,17 +243,19 @@ int mbfl_filt_conv_html_dec(int c, mbfl_convert_filter *filter) int mbfl_filt_conv_html_dec_flush(mbfl_convert_filter *filter) { int status, pos = 0; - char *buffer; + unsigned char *buffer; + int err = 0; - buffer = (char*)filter->opaque; + buffer = (unsigned char*)filter->opaque; status = filter->status; + filter->status = 0; /* flush fragments */ while (status--) { - CK((*filter->output_function)(buffer[pos++], filter->data)); + int e = (*filter->output_function)(buffer[pos++], filter->data); + if (e != 0) + err = e; } - filter->status = 0; - /*filter->buffer = 0; of cause NOT*/ - return 0; + return err; } diff --git a/ext/mbstring/tests/bug45722.phpt b/ext/mbstring/tests/bug45722.phpt new file mode 100644 index 0000000000..c05a010a8e --- /dev/null +++ b/ext/mbstring/tests/bug45722.phpt @@ -0,0 +1,8 @@ +--TEST-- +Bug #45722 (mb_check_encoding() crashes) +--FILE-- + +--EXPECT-- +bool(false)