From: Bob Weinand <bobwei9@hotmail.com>
Date: Mon, 20 Oct 2014 19:52:47 +0000 (+0200)
Subject: Fix off-by-one bug in text messages (msg/<phpdbg>)
X-Git-Tag: php-5.6.3RC1~51^2~27
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dfdc19fb2a3a4e3ed7627e47678e63b02cb01278;p=php

Fix off-by-one bug in text messages (msg/<phpdbg>)
---

diff --git a/phpdbg_utils.c b/phpdbg_utils.c
index e9fbdef963..ecdb5fbfea 100644
--- a/phpdbg_utils.c
+++ b/phpdbg_utils.c
@@ -1094,7 +1094,7 @@ static int phpdbg_encode_xml(char **buf, char *msg, int msglen, int from, char *
 	int i;
 	int tolen = to ? strlen(to) : 5;
 	char *tmp = *buf = emalloc(msglen * tolen);
-	for (i = 0; ++i < msglen; msg++) {
+	for (i = 0; i++ < msglen; msg++) {
 		if (*msg == '&') {
 			memcpy(tmp, ZEND_STRL("&amp;"));
 			tmp += sizeof("&amp;") - 1;
@@ -1118,20 +1118,17 @@ static int phpdbg_encode_xml(char **buf, char *msg, int msglen, int from, char *
 
 static void phpdbg_encode_ctrl_chars(char **buf, int *buflen) {
 	char *tmp, *tmpptr;
-	int len = *buflen;
+	int len;
 	int i;
 
 	tmp = tmpptr = emalloc(*buflen * 5);
 
 	for (i = 0; i < *buflen; i++) {
 		if ((*buf)[i] < 0x20) {
-			len += 4;
 			*tmpptr++ = '&';
 			*tmpptr++ = '#';
 			if ((unsigned int) ((*buf)[i]) > 9) {
 				*tmpptr++ = ((*buf)[i] / 10) + '0';
-			} else {
-				--len;
 			}
 			*tmpptr++ = ((*buf)[i] % 10) + '0';
 			*tmpptr++ = ';';