authorNikita Popov <nikic@php.net>2014-09-11 14:51:02 +0200
committerNikita Popov <nikic@php.net>2014-09-11 14:52:59 +0200
commite2d4d700cffe4cc7dcd2f486a77e0465ff937a3e (patch)
treed1d7100a729e68c19b91d6e48744cd290c5718e6 /Zend/zend_language_scanner.c
parentf017843df37028aab161e42368aaa1caaa548322 (diff)
Fix yy_limit computation after encoding switch
The three assignments above this line are still broken - they assume that byte offsets in one encoding directly map to byte offsets in another encoding. I'm fixing the length here because it is the one causing out-of-bounds reads and is easy to fix. For the others we'd have to actually compute new offsets.
Diffstat (limited to 'Zend/zend_language_scanner.c')
-rw-r--r--Zend/zend_language_scanner.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/Zend/zend_language_scanner.c b/Zend/zend_language_scanner.c
index e524e0b684..5bd2798cde 100644
--- a/Zend/zend_language_scanner.c
+++ b/Zend/zend_language_scanner.c
@@ -845,7 +845,7 @@ ZEND_API void zend_multibyte_yyinput_again(zend_encoding_filter old_input_filter
SCNG(yy_cursor) = new_yy_start + (SCNG(yy_cursor) - SCNG(yy_start));
SCNG(yy_marker) = new_yy_start + (SCNG(yy_marker) - SCNG(yy_start));
SCNG(yy_text) = new_yy_start + (SCNG(yy_text) - SCNG(yy_start));
- SCNG(yy_limit) = new_yy_start + (SCNG(yy_limit) - SCNG(yy_start));
+ SCNG(yy_limit) = new_yy_start + length;
SCNG(yy_start) = new_yy_start;
}
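Review bot: The yy_cursor, yy_marker and yy_text assignments kept as context still carry old-encoding byte offsets into the new buffer, and nothing in the hunk bounds them by the corrected limit, so if the converted buffer is shorter than those offsets they would point past `new_yy_start + length` (this assumes `length` is the converted buffer's size, which is set outside the hunk). Until real offsets are computed, a clamp placed after the yy_limit assignment would at least keep the scanner inside the buffer, e.g. `if (SCNG(yy_cursor) > SCNG(yy_limit)) SCNG(yy_cursor) = SCNG(yy_limit);` and the same for yy_marker and yy_text. The caveat from the commit message also belongs in the code, as `/* FIXME: these are byte offsets in the old encoding and do not map 1:1 to the new buffer */` above the three assignments. The body of zend_multibyte_yyinput_again starts outside the hunk.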