From 3482d768231cb2302a991c49fb7398ce94e84470 Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Wed, 1 Nov 2006 01:56:21 +0000 Subject: [PATCH] MFB: Added missing boundary checks. --- ext/standard/html.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/ext/standard/html.c b/ext/standard/html.c index f276fa9f10..03b55ef5e8 100644 --- a/ext/standard/html.c +++ b/ext/standard/html.c @@ -1107,7 +1107,7 @@ PHPAPI char *php_escape_html_entities(char *orig, int oldlen, int *newlen, int a matches_map = 0; - if (len + 9 > maxlen) + if (len + 16 > maxlen) replaced = erealloc (replaced, maxlen += 128); if (all) { @@ -1132,9 +1132,15 @@ PHPAPI char *php_escape_html_entities(char *orig, int oldlen, int *newlen, int a } if (matches_map) { + int l = strlen(rep); + /* increase the buffer size */ + if (len + 2 + l >= maxlen) { + replaced = erealloc(replaced, maxlen += 128); + } + replaced[len++] = '&'; strcpy(replaced + len, rep); - len += strlen(rep); + len += l; replaced[len++] = ';'; } } -- 2.50.1