diff options
| author | Antony Dovgal <tony2001@php.net> | 2012-02-07 20:49:10 +0000 |
|---|---|---|
| committer | Antony Dovgal <tony2001@php.net> | 2012-02-07 20:49:10 +0000 |
| commit | 206f123bd3045a3e19620e89e6616fc0940c0a07 (patch) | |
| tree | 6643ed7d4b4a8b37b252b270ec8ece0dee095c8c | |
| parent | 73ccc0a5e98c360f6ef48592929cbd532243774d (diff) | |
| download | php-git-206f123bd3045a3e19620e89e6616fc0940c0a07.tar.gz | |
fix bug #54682 (tidy null pointer dereference)
| -rw-r--r-- | ext/tidy/tidy.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c index 55c33825d4..5ac1a69196 100644 --- a/ext/tidy/tidy.c +++ b/ext/tidy/tidy.c @@ -191,6 +191,7 @@ struct _PHPTidyDoc { TidyDoc doc; TidyBuffer *errbuf; unsigned int ref_count; + unsigned int initialized:1; }; struct _PHPTidyObj { @@ -688,6 +689,7 @@ static void tidy_object_new(zend_class_entry *class_type, zend_object_handlers * intern->ptdoc = emalloc(sizeof(PHPTidyDoc)); intern->ptdoc->doc = tidyCreate(); intern->ptdoc->ref_count = 1; + intern->ptdoc->initialized = 0; intern->ptdoc->errbuf = emalloc(sizeof(TidyBuffer)); tidyBufInit(intern->ptdoc->errbuf); @@ -1047,7 +1049,9 @@ static int php_tidy_parse_string(PHPTidyObj *obj, char *string, int len, char *e return FAILURE; } } - + + obj->ptdoc->initialized = 1; + tidyBufInit(&buf); tidyBufAttach(&buf, (byte *) string, len); if (tidyParseBuffer(obj->ptdoc->doc, &buf) < 0) { @@ -1336,7 +1340,7 @@ static PHP_FUNCTION(tidy_diagnose) { TIDY_FETCH_OBJECT; - if (tidyRunDiagnostics(obj->ptdoc->doc) >= 0) { + if (obj->ptdoc->initialized && tidyRunDiagnostics(obj->ptdoc->doc) >= 0) { tidy_doc_update_properties(obj TSRMLS_CC); RETURN_TRUE; } |