From 18b0a7870842e9a5495f525f896a97cb02ce78db Mon Sep 17 00:00:00 2001
From: Moriyoshi Koizumi <moriyoshi@php.net>
Date: Mon, 12 Oct 2009 14:25:51 +0000
Subject: [PATCH] - Bug #49785: take 3 - fixed infinite loop bug (only for 5.2)
 (reported by T.Komura. Thanks)

---
 ext/standard/html.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/ext/standard/html.c b/ext/standard/html.c
index 9627c94555..ff01c76cd8 100644
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -484,15 +484,26 @@ struct basic_entities_dec {
 			}                        \
 			mbseq[mbpos++] = (mbchar); }
 
+/* skip one byte and return */
 #define MB_FAILURE(pos) do { \
+	*newpos = pos + 1; \
 	*status = FAILURE; \
 	return 0; \
 } while (0)
 
 #define CHECK_LEN(pos, chars_need)			\
-	if((str_len - (pos)) < chars_need) {	\
-		*status = FAILURE;					\
-		return 0;							\
+	if (chars_need < 1) {						\
+		if((str_len - (pos)) < chars_need) {	\
+			*newpos = pos;						\
+			*status = FAILURE;					\
+			return 0;							\
+		}										\
+	} else {									\
+		if((str_len - (pos)) < chars_need) {	\
+			*newpos = pos + 1;					\
+			*status = FAILURE;					\
+			return 0;							\
+		}										\
 	}
 
 /* {{{ get_next_char
-- 
2.40.0