diff options
| author | Stanley Sufficool <ssufficool@php.net> | 2013-07-14 11:10:36 -0700 |
|---|---|---|
| committer | Stanley Sufficool <ssufficool@php.net> | 2013-07-14 11:10:36 -0700 |
| commit | 6e32a871a4a08c4c95ff61fb2be0d3f158882aea (patch) | |
| tree | 805ef320254a391d5d03d1a3617c1b23042d7f2a /ext/xml/xml.c | |
| parent | 598e2690b81a145589f6dfe06f77d9e3b66a7853 (diff) | |
| parent | e2e002d4ea7618039cabe925133760966c70b2a7 (diff) | |
| download | php-git-6e32a871a4a08c4c95ff61fb2be0d3f158882aea.tar.gz | |
Merge branch 'PHP-5.3' of https://git.php.net/push/php-src into PHP-5.3
* 'PHP-5.3' of https://git.php.net/push/php-src: (23 commits)
Merge PHP 5.3.27 NEWS
add test for bug #65236
truncate results at depth of 255 to prevent corruption
fix assembly of safe_address() for x86 and x86_64
Add bison 2.6.4 to the list of supported versions
Update git rules (5.5 is stable, 5.3 sec only)
This will be PHP 5.3.28
Fixed bug #63186 (compile failure on netbsd)
ensure the error_reporting level to get expected notice
fixed tests
missing tests for bug #53437
missing colon
Backported the fix for bug #53437
Fixed test script
Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems)
Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC)
Fixed bug #64934 Apache2 TS crash with get_browser()
Add NEWS for PHP 5.3.26
Fixed bug #64960 (Segfault in gc_zval_possible_root)
fix CVE-2013-2110 - use correct formula to calculate string size
...
Diffstat (limited to 'ext/xml/xml.c')
| -rw-r--r-- | ext/xml/xml.c | 90 |
1 files changed, 50 insertions, 40 deletions
diff --git a/ext/xml/xml.c b/ext/xml/xml.c index 1f0480b6c7..9f0bc30d98 100644 --- a/ext/xml/xml.c +++ b/ext/xml/xml.c @@ -427,7 +427,7 @@ static void xml_parser_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC) } if (parser->ltags) { int inx; - for (inx = 0; inx < parser->level; inx++) + for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); inx++) efree(parser->ltags[ inx ]); efree(parser->ltags); } @@ -905,45 +905,50 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch } if (parser->data) { - zval *tag, *atr; - int atcnt = 0; + if (parser->level <= XML_MAXLEVEL) { + zval *tag, *atr; + int atcnt = 0; - MAKE_STD_ZVAL(tag); - MAKE_STD_ZVAL(atr); + MAKE_STD_ZVAL(tag); + MAKE_STD_ZVAL(atr); - array_init(tag); - array_init(atr); + array_init(tag); + array_init(atr); - _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); + _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); - add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ - add_assoc_string(tag,"type","open",1); - add_assoc_long(tag,"level",parser->level); + add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ + add_assoc_string(tag,"type","open",1); + add_assoc_long(tag,"level",parser->level); - parser->ltags[parser->level-1] = estrdup(tag_name); - parser->lastwasopen = 1; + parser->ltags[parser->level-1] = estrdup(tag_name); + parser->lastwasopen = 1; - attributes = (const XML_Char **) attrs; + attributes = (const XML_Char **) attrs; - while (attributes && *attributes) { - att = _xml_decode_tag(parser, attributes[0]); - val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); - - add_assoc_stringl(atr,att,val,val_len,0); + while (attributes && *attributes) { + att = _xml_decode_tag(parser, attributes[0]); + val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); - atcnt++; - attributes += 2; + add_assoc_stringl(atr,att,val,val_len,0); - efree(att); - } + atcnt++; + attributes += 2; - if (atcnt) { - zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); - } else { - zval_ptr_dtor(&atr); - } + efree(att); + } + + if (atcnt) { + zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); + } else { + zval_ptr_dtor(&atr); + } - zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); + zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); + } else if (parser->level == (XML_MAXLEVEL + 1)) { + TSRMLS_FETCH(); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); + } } efree(tag_name); @@ -995,7 +1000,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name) efree(tag_name); - if (parser->ltags) { + if ((parser->ltags) && (parser->level <= XML_MAXLEVEL)) { efree(parser->ltags[parser->level-1]); } @@ -1079,18 +1084,23 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len) } } - MAKE_STD_ZVAL(tag); - - array_init(tag); - - _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); + if (parser->level <= XML_MAXLEVEL) { + MAKE_STD_ZVAL(tag); - add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); - add_assoc_string(tag,"value",decoded_value,0); - add_assoc_string(tag,"type","cdata",1); - add_assoc_long(tag,"level",parser->level); + array_init(tag); - zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); + _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); + + add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); + add_assoc_string(tag,"value",decoded_value,0); + add_assoc_string(tag,"type","cdata",1); + add_assoc_long(tag,"level",parser->level); + + zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); + } else if (parser->level == (XML_MAXLEVEL + 1)) { + TSRMLS_FETCH(); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); + } } } else { efree(decoded_value); |