More checks for php_strip_tags_ex

author: Stanislav Malyshev <stas@php.net> 2020-01-22 22:36:53 -0800
committer: Stanislav Malyshev <stas@php.net> 2020-01-22 22:37:30 -0800
commit: 2dc170e25d86a725fefd4c08f2bd8378820b28f5 (patch)
tree: f6425e67a0ef359c900c48ab6d6c40322888c0ac /ext
parent: 7e2bd95fa5fb903bc0e125f4bbb21b93f3de2398 (diff)
download: php-git-2dc170e25d86a725fefd4c08f2bd8378820b28f5.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/standard/string.c b/ext/standard/string.c
index fb44cc505d..749e57b7d5 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -4816,7 +4816,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, uint8_t *stateptr, const
 				switch (state) {
 					case 1: /* HTML/XML */
 						lc = '>';
-						if (is_xml && *(p -1) == '-') {
+						if (is_xml && p >= buf + 1 && *(p-1) == '-') {
 							break;
 						}
 						in_q = state = is_xml = 0;
@@ -4837,7 +4837,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, uint8_t *stateptr, const
 						break;
 
 					case 2: /* PHP */
-						if (!br && lc != '\"' && *(p-1) == '?') {
+						if (!br && lc != '\"' && p >= buf + 1 && *(p-1) == '?') {
 							in_q = state = 0;
 							tp = tbuf;
 						}
author	Stanislav Malyshev <stas@php.net>	2020-01-22 22:36:53 -0800
committer	Stanislav Malyshev <stas@php.net>	2020-01-22 22:37:30 -0800
commit	2dc170e25d86a725fefd4c08f2bd8378820b28f5 (patch)
tree	f6425e67a0ef359c900c48ab6d6c40322888c0ac /ext
parent	7e2bd95fa5fb903bc0e125f4bbb21b93f3de2398 (diff)
download	php-git-2dc170e25d86a725fefd4c08f2bd8378820b28f5.tar.gz