From: Dmitry Stogov <dmitry@php.net>
Date: Wed, 7 Dec 2005 09:00:29 +0000 (+0000)
Subject: Fixed memory overflow, because usage of initialized value
X-Git-Tag: RELEASE_1_0_4~497
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=52a9d56185d1d69712c76c0d1c99254281fb106f;p=php

Fixed memory overflow, because usage of initialized value
---

diff --git a/main/main.c b/main/main.c
index e35f3bde35..63daa7401a 100644
--- a/main/main.c
+++ b/main/main.c
@@ -556,6 +556,7 @@ PHPAPI void php_verror(const char *docref, const char *params, int type, const c
 	char *origin;
 	char *message;
 	char *stage;
+	int function_name_is_string = 1;
 
 	/* get error text into buffer and escape for html if necessary */
 	buffer_len = vspprintf(&buffer, 0, format, args);
@@ -595,6 +596,7 @@ PHPAPI void php_verror(const char *docref, const char *params, int type, const c
 				stage = "Unknown";
 		}
 	} else {
+		function_name_is_string = 0;
 		function = get_active_function_name(TSRMLS_C);
 		if (!function || !USTR_LEN(function)) {
 			stage = "Unknown";
@@ -604,9 +606,13 @@ PHPAPI void php_verror(const char *docref, const char *params, int type, const c
 
 	/* if we still have memory then format the origin */
 	if (function) {
-		spprintf(&origin, 0, "%v%s%v(%s)", class_name, space, function, params);	
+		if (function_name_is_string) {
+			origin_len = spprintf(&origin, 0, "%v%s%s(%s)", class_name, space, function, params);	
+		} else {
+			origin_len = spprintf(&origin, 0, "%v%s%v(%s)", class_name, space, function, params);	
+		}
 	} else {
-		spprintf(&origin, 0, "%s", stage);	
+		origin_len = spprintf(&origin, 0, "%s", stage);	
 	}
 
 	if (PG(html_errors)) {
@@ -614,7 +620,7 @@ PHPAPI void php_verror(const char *docref, const char *params, int type, const c
 		char *replace = php_escape_html_entities(origin, origin_len, &len, 0, ENT_COMPAT, NULL TSRMLS_CC);
 		efree(origin);
 		origin = replace;
-  	}
+	}
 
 	/* origin and buffer available, so lets come up with the error message */
 	if (docref && docref[0] == '#') {
@@ -624,7 +630,11 @@ PHPAPI void php_verror(const char *docref, const char *params, int type, const c
 
 	/* no docref given but function is known (the default) */
 	if (!docref && function) {
-		spprintf(&docref_buf, 0, "function.%v", function);
+		if (function_name_is_string) {
+			spprintf(&docref_buf, 0, "function.%s", function);
+		} else {
+			spprintf(&docref_buf, 0, "function.%v", function);
+		}
 		while((p = strchr(docref_buf, '_')) != NULL) {
 			*p = '-';
 		}