Skip to content

Instantly share code, notes, and snippets.

/72135.diff Secret

Created May 24, 2016 22:52
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save anonymous/8ef775c117d84ff15185953990a28576 to your computer and use it in GitHub Desktop.
Patch for 72135
commit e9559131152ab0fa89737db11ebe8f43e1435b96
Author: Stanislav Malyshev <stas@php.net>
Date: Tue May 24 15:52:15 2016 -0700
Better fix for bug #72135
diff --git a/ext/standard/html.c b/ext/standard/html.c
index 81d8aff..c5fd4b8 100644
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -1423,6 +1423,11 @@ encode_amp:
}
replaced[len] = '\0';
*newlen = len;
+ if(len > INT_MAX) {
+ zend_error_noreturn(E_ERROR, "Escaped string is too long");
+ efree(replaced);
+ return NULL;
+ }
return replaced;
}
@@ -1444,10 +1449,6 @@ static void php_html_entities(INTERNAL_FUNCTION_PARAMETERS, int all)
}
replaced = php_escape_html_entities_ex(str, str_len, &new_len, all, (int) flags, hint_charset, double_encode TSRMLS_CC);
- if (new_len > INT_MAX) {
- efree(replaced);
- RETURN_FALSE;
- }
RETVAL_STRINGL(replaced, (int)new_len, 0);
}
/* }}} */
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment