From: Nuno Lopes Date: Tue, 23 Jan 2007 19:50:14 +0000 (+0000) Subject: MFB: fix a few crashes X-Git-Tag: RELEASE_1_0_0RC1~144 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e9d4b10d86f05ea254ae229e8cbe6b2847d36ce5;p=php MFB: fix a few crashes --- diff --git a/ext/tidy/tests/027.phpt b/ext/tidy/tests/027.phpt new file mode 100644 index 0000000000..8d9f66eaf7 --- /dev/null +++ b/ext/tidy/tests/027.phpt @@ -0,0 +1,59 @@ +--TEST-- +Bug: tidy segfaults with markup=false +--SKIPIF-- + +--FILE-- +tidyconfig = array( + 'indent' => false, + 'clean' => true, + 'merge-divs' => false, + 'quote-marks' => true, + 'drop-empty-paras' => false, + 'markup' => false, + 'output-xhtml' => true, + 'wrap' => 0); + + } + + abstract public function run(); + + public function getURL($url) { + $data = "awerawer"; // in my code, $data is downloaded from a site + + $tidy = new tidy; + $tidy->parseString($data, $this->tidyconfig, 'utf8'); + $tidy->cleanRepair(); + + return $tidy; + } + +} + +class ChildClass extends BaseClass { + public function ChildClass() { + parent::__construct(); + } + + public function run() { + $result = $this->getURL('awer'); + if ($result === null) { + echo "\tError:\n"; + } + var_dump((string)$result); + } +} + +$instance = new ChildClass(); +$instance->run(); + +?> +--EXPECT-- +string(0) "" diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c index 7fe50b7fc7..9b6b8e519f 100644 --- a/ext/tidy/tidy.c +++ b/ext/tidy/tidy.c @@ -42,7 +42,7 @@ /* {{{ ext/tidy macros */ -#define FIX_BUFFER(bptr) (bptr)->bp[(bptr)->size-1] = '\0' +#define FIX_BUFFER(bptr) do { if ((bptr)->size) { (bptr)->bp[(bptr)->size-1] = '\0'; } } while(0) #define TIDY_SET_CONTEXT \ zval *object = getThis(); @@ -526,7 +526,7 @@ static void php_tidy_quick_repair(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_fil tidySaveBuffer (doc, &output); FIX_BUFFER(&output); - RETVAL_STRINGL((char *) output.bp, output.size-1, 1); + RETVAL_STRINGL((char *) output.bp, output.size ? output.size-1 : 0, 1); tidyBufFree(&output); } else { RETVAL_FALSE; @@ -690,14 +690,14 @@ static int tidy_doc_cast_handler(zval *in, zval *out, int type, void *extra TSRM obj = (PHPTidyObj *)zend_object_store_get_object(in TSRMLS_CC); tidyBufInit(&output); tidySaveBuffer (obj->ptdoc->doc, &output); - ZVAL_STRINGL(out, (char *) output.bp, output.size, 1); + ZVAL_STRINGL(out, (char *) output.bp, output.size ? output.size-1 : 0, 1); tidyBufFree(&output); break; case IS_UNICODE: obj = (PHPTidyObj *)zend_object_store_get_object(in TSRMLS_CC); tidySaveBuffer (obj->ptdoc->doc, &output); - ZVAL_U_STRINGL(obj->converter->conv, out, (char *) output.bp, output.size, 1); + ZVAL_U_STRINGL(obj->converter->conv, out, (char *) output.bp, output.size ? output.size-1 : 0, 1); tidyBufFree(&output); break; @@ -765,9 +765,9 @@ static void tidy_doc_update_properties(PHPTidyObj *obj TSRMLS_DC) if (output.size) { MAKE_STD_ZVAL(temp); if (UG(unicode)) { - ZVAL_U_STRINGL(obj->converter->conv, temp, (char *) output.bp, output.size, 1); + ZVAL_U_STRINGL(obj->converter->conv, temp, (char *) output.bp, output.size-1, 1); } else { - ZVAL_STRINGL(temp, (char *) output.bp, output.size, 1); + ZVAL_STRINGL(temp, (char *) output.bp, output.size-1, 1); } zend_ascii_hash_update(obj->std.properties, "value", sizeof("value"), (void *)&temp, sizeof(zval *), NULL); } @@ -1148,7 +1148,7 @@ static int php_tidy_output_handler(void **nothing, php_output_context *output_co tidySaveBuffer(doc, &outbuf); FIX_BUFFER(&outbuf); output_context->out.data = (char *) outbuf.bp; - output_context->out.used = outbuf.size - 1; + output_context->out.used = outbuf.size ? outbuf.size-1 : 0; output_context->out.free = 1; status = SUCCESS; } @@ -1224,7 +1224,7 @@ static PHP_FUNCTION(tidy_get_output) tidyBufInit(&output); tidySaveBuffer(obj->ptdoc->doc, &output); FIX_BUFFER(&output); - RETVAL_U_STRINGL(obj->converter->conv, (char *) output.bp, output.size-1, 1); + RETVAL_U_STRINGL(obj->converter->conv, (char *) output.bp, output.size ? output.size-1 : 0, 1); tidyBufFree(&output); } /* }}} */