diff options
| author | Aaron Piotrowski <aaron@trowski.com> | 2016-06-10 22:02:23 -0500 |
|---|---|---|
| committer | Aaron Piotrowski <aaron@trowski.com> | 2016-06-10 22:02:23 -0500 |
| commit | e3c681aa5cc71122a8d2fae42e6513fc413ccac8 (patch) | |
| tree | 5f1df62f7b666028edb0ee1adf083a52d63df45a /ext/dom/document.c | |
| parent | fb4e3085cbaa76eb8f28eebf848a81d1c0190067 (diff) | |
| parent | 792e89385ca6fc722a03590722eb7745a2374720 (diff) | |
| download | php-git-e3c681aa5cc71122a8d2fae42e6513fc413ccac8.tar.gz | |
Merge branch 'master' into throw-error-in-extensions
Diffstat (limited to 'ext/dom/document.c')
| -rw-r--r-- | ext/dom/document.c | 41 |
1 files changed, 32 insertions, 9 deletions
diff --git a/ext/dom/document.c b/ext/dom/document.c index 288075c079..eabc032a1b 100644 --- a/ext/dom/document.c +++ b/ext/dom/document.c @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 7 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2015 The PHP Group | + | Copyright (c) 1997-2016 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -133,6 +133,7 @@ ZEND_END_ARG_INFO(); ZEND_BEGIN_ARG_INFO_EX(arginfo_dom_document_savexml, 0, 0, 0) ZEND_ARG_OBJ_INFO(0, node, DOMNode, 1) + ZEND_ARG_INFO(0, options) ZEND_END_ARG_INFO(); ZEND_BEGIN_ARG_INFO_EX(arginfo_dom_document_construct, 0, 0, 0) @@ -381,7 +382,7 @@ int dom_document_standalone_read(dom_object *obj, zval *retval) int dom_document_standalone_write(dom_object *obj, zval *newval) { xmlDoc *docp = (xmlDocPtr) dom_object_get_node(obj); - int standalone; + zend_long standalone; if (docp == NULL) { php_dom_throw_error(INVALID_STATE_ERR, 0); @@ -977,9 +978,9 @@ PHP_FUNCTION(dom_document_import_node) xmlNodePtr nodep, retnodep; dom_object *intern, *nodeobj; int ret; - zend_long recursive = 0; + zend_bool recursive = 0; - if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "OO|l", &id, dom_document_class_entry, &node, dom_node_class_entry, &recursive) == FAILURE) { + if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "OO|b", &id, dom_document_class_entry, &node, dom_node_class_entry, &recursive) == FAILURE) { return; } @@ -1492,6 +1493,14 @@ static void dom_parse_document(INTERNAL_FUNCTION_PARAMETERS, int mode) { php_error_docref(NULL, E_WARNING, "Empty string supplied as input"); RETURN_FALSE; } + if (ZEND_SIZE_T_INT_OVFL(source_len)) { + php_error_docref(NULL, E_WARNING, "Input string is too long"); + RETURN_FALSE; + } + if (ZEND_LONG_EXCEEDS_INT(options)) { + php_error_docref(NULL, E_WARNING, "Invalid options"); + RETURN_FALSE; + } newdoc = dom_document_parser(id, mode, source, source_len, options); @@ -1719,9 +1728,14 @@ PHP_FUNCTION(dom_document_xinclude) return; } + if (ZEND_LONG_EXCEEDS_INT(flags)) { + php_error_docref(NULL, E_WARNING, "Invalid flags"); + RETURN_FALSE; + } + DOM_GET_OBJ(docp, id, xmlDocPtr, intern); - err = xmlXIncludeProcessFlags(docp, flags); + err = xmlXIncludeProcessFlags(docp, (int)flags); /* XML_XINCLUDE_START and XML_XINCLUDE_END nodes need to be removed as these are added via xmlXIncludeProcess to mark beginning and ending of xincluded document @@ -1810,7 +1824,7 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type php_error_docref(NULL, E_WARNING, "Invalid Schema file source"); RETURN_FALSE; } - valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN TSRMLS_CC); + valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN); if (!valid_file) { php_error_docref(NULL, E_WARNING, "Invalid Schema file source"); RETURN_FALSE; @@ -1910,7 +1924,7 @@ static void _dom_document_relaxNG_validate(INTERNAL_FUNCTION_PARAMETERS, int typ php_error_docref(NULL, E_WARNING, "Invalid RelaxNG file source"); RETURN_FALSE; } - valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN TSRMLS_CC); + valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN); if (!valid_file) { php_error_docref(NULL, E_WARNING, "Invalid RelaxNG file source"); RETURN_FALSE; @@ -2000,6 +2014,11 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */ RETURN_FALSE; } + if (ZEND_LONG_EXCEEDS_INT(options)) { + php_error_docref(NULL, E_WARNING, "Invalid options"); + RETURN_FALSE; + } + if (mode == DOM_LOAD_FILE) { if (CHECK_NULL_PATH(source, source_len)) { php_error_docref(NULL, E_WARNING, "Invalid file source"); @@ -2008,7 +2027,11 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */ ctxt = htmlCreateFileParserCtxt(source, NULL); } else { source_len = xmlStrlen((xmlChar *) source); - ctxt = htmlCreateMemoryParserCtxt(source, source_len); + if (ZEND_SIZE_T_INT_OVFL(source_len)) { + php_error_docref(NULL, E_WARNING, "Input string is too long"); + RETURN_FALSE; + } + ctxt = htmlCreateMemoryParserCtxt(source, (int)source_len); } if (!ctxt) { @@ -2016,7 +2039,7 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */ } if (options) { - htmlCtxtUseOptions(ctxt, options); + htmlCtxtUseOptions(ctxt, (int)options); } ctxt->vctxt.error = php_libxml_ctx_error; |