author | Christoph M. Becker <cmbecker69@gmx.de> | 2016-08-20 02:16:39 +0200 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2016-08-20 02:28:18 +0200 |
commit | 76c796fb2706f7cfd7fa2d4a2f69957d0d8318b0 (patch) | |
tree | 4e7654c74f61cd75130efd6b282b33ed88684ac3 /ext | |
parent | 98a155f336ea91cf5ceb96fc9e27aee6e2f2a746 (diff) | |
parent | db1ef5cb00e6bcdd166179fe1293eb628054107b (diff) | |
download | php-git-76c796fb2706f7cfd7fa2d4a2f69957d0d8318b0.tar.gz |
Merge branch 'PHP-7.0' into PHP-7.1
Diffstat (limited to 'ext')
-rw-r--r-- | ext/xml/tests/bug72714.phpt | 35 | ||||
-rw-r--r-- | ext/xml/xml.c | 20 |
2 files changed, 49 insertions, 6 deletions
diff --git a/ext/xml/tests/bug72714.phpt b/ext/xml/tests/bug72714.phpt new file mode 100644 index 0000000000..192c8f6949 --- /dev/null +++ b/ext/xml/tests/bug72714.phpt @@ -0,0 +1,35 @@ +--TEST-- +Bug #72714 (_xml_startElementHandler() segmentation fault) +--SKIPIF-- +<?php +if (!extension_loaded('xml')) die('skip xml extension not available'); +?> +--FILE-- +<?php +function startElement($parser, $name, $attribs) { + var_dump($name); +} + +function endElement($parser, $name) {} + +function parse($tagstart) { + $xml = '<ns1:total>867</ns1:total>'; + + $xml_parser = xml_parser_create(); + xml_set_element_handler($xml_parser, 'startElement', 'endElement'); + + xml_parser_set_option($xml_parser, XML_OPTION_SKIP_TAGSTART, $tagstart); + xml_parse($xml_parser, $xml); + + xml_parser_free($xml_parser); +} + +parse(3015809298423721); +parse(20); +?> +===DONE=== +--EXPECTF-- +Notice: xml_parser_set_option(): tagstart ignored in %s%ebug72714.php on line %d +string(9) "NS1:TOTAL" +string(0) "" +===DONE=== diff --git a/ext/xml/xml.c b/ext/xml/xml.c index c08e3818d5..c37fbf8ede 100644 --- a/ext/xml/xml.c +++ b/ext/xml/xml.c @@ -69,6 +69,10 @@ ZEND_GET_MODULE(xml) #endif /* COMPILE_DL_XML */ /* }}} */ + +#define SKIP_TAGSTART(str) ((str) + (parser->toffset > strlen(str) ? strlen(str) : + parser->toffset)) + + /* {{{ function prototypes */ PHP_MINIT_FUNCTION(xml); PHP_MINFO_FUNCTION(xml); @@ -727,7 +731,7 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch if (!Z_ISUNDEF(parser->startElementHandler)) { ZVAL_COPY(&args[0], &parser->index); - ZVAL_STRING(&args[1], ZSTR_VAL(tag_name) + parser->toffset); + ZVAL_STRING(&args[1], SKIP_TAGSTART(ZSTR_VAL(tag_name))); array_init(&args[2]); while (attributes && *attributes) { 
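Review bot: The expected notice for `parse(3015809298423721)` appears to depend on that value turning negative when it is stored in the parser's offset field, which ties the test to the platform's integer widths. An explicit `parse(-1);` case would exercise the new negative-value branch deterministically. The test also drives only the `xml_set_element_handler()` callbacks, so the `xml_parse_into_struct()` call sites changed in the same commit (the `"tag"` entries and `_xml_add_to_info()`) have no coverage. A second case that calls `xml_parse_into_struct()` with the same option values would close that gap.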
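Review bot: `SKIP_TAGSTART` in the `@@ -69,6 +69,10 @@` hunk silently requires a local variable named `parser` at every use site and evaluates `str` up to three times, calling `strlen()` twice. It also compares `parser->toffset` directly against the `size_t` from `strlen()`, so the clamp relies on an implicit signed-to-unsigned conversion. A `static inline` helper that takes the offset and the string, computes the length once, and returns the clamped pointer would be type-checked and would make the bound explicit. If the macro stays, it should at least carry a comment such as `/* Skips parser->toffset bytes of str, clamped to strlen(str); needs a local "parser" and evaluates str more than once. */`.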
@@ -758,7 +762,7 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch _xml_add_to_info(parser, ZSTR_VAL(tag_name) + parser->toffset); - add_assoc_string(&tag, "tag", ZSTR_VAL(tag_name) + parser->toffset); /* cast to avoid gcc-warning */ + add_assoc_string(&tag, "tag", SKIP_TAGSTART(ZSTR_VAL(tag_name))); /* cast to avoid gcc-warning */ add_assoc_string(&tag, "type", "open"); add_assoc_long(&tag, "level", parser->level); @@ -812,7 +816,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name) if (!Z_ISUNDEF(parser->endElementHandler)) { ZVAL_COPY(&args[0], &parser->index); - ZVAL_STRING(&args[1], ZSTR_VAL(tag_name) + parser->toffset); + ZVAL_STRING(&args[1], SKIP_TAGSTART(ZSTR_VAL(tag_name))); xml_call_handler(parser, &parser->endElementHandler, parser->endElementPtr, 2, args, &retval); zval_ptr_dtor(&retval); @@ -828,7 +832,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name) _xml_add_to_info(parser, ZSTR_VAL(tag_name) + parser->toffset); - add_assoc_string(&tag, "tag", ZSTR_VAL(tag_name) + parser->toffset); /* cast to avoid gcc-warning */ + add_assoc_string(&tag, "tag", SKIP_TAGSTART(ZSTR_VAL(tag_name))); /* cast to avoid gcc-warning */ add_assoc_string(&tag, "type", "close"); add_assoc_long(&tag, "level", parser->level); @@ -922,9 +926,9 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len) if (parser->level <= XML_MAXLEVEL && parser->level > 0) { array_init(&tag); - _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); + _xml_add_to_info(parser,SKIP_TAGSTART(parser->ltags[parser->level-1])); - add_assoc_string(&tag, "tag", parser->ltags[parser->level-1] + parser->toffset); + add_assoc_string(&tag, "tag", SKIP_TAGSTART(parser->ltags[parser->level-1])); add_assoc_str(&tag, "value", decoded_value); add_assoc_string(&tag, "type", "cdata"); add_assoc_long(&tag, "level", parser->level); 
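Review bot: The context line `_xml_add_to_info(parser, ZSTR_VAL(tag_name) + parser->toffset);` directly above the changed `add_assoc_string()` call in the `@@ -758,7 +762,7 @@` hunk still adds the unclamped offset to the tag name. An offset larger than the tag length therefore still hands `_xml_add_to_info()` a pointer past the end of the string on the `xml_parse_into_struct()` path. It should use the same clamp as the other call sites: `_xml_add_to_info(parser, SKIP_TAGSTART(ZSTR_VAL(tag_name)));`. The identical unchanged line appears in the `@@ -828,7 +832,7 @@` hunk in `_xml_endElementHandler`, whereas the `_xml_characterDataHandler` hunk does convert its `_xml_add_to_info()` call. Both handler bodies start and end outside the hunks shown.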
@@ -1601,6 +1605,10 @@ PHP_FUNCTION(xml_parser_set_option) case PHP_XML_OPTION_SKIP_TAGSTART: convert_to_long_ex(val); parser->toffset = Z_LVAL_P(val); + if (parser->toffset < 0) { + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "tagstart ignored"); + parser->toffset = 0; + } break; case PHP_XML_OPTION_SKIP_WHITE: convert_to_long_ex(val); |
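Review bot: The sign check runs only after `parser->toffset = Z_LVAL_P(val);`, so it sees the value as already converted to the field's type rather than the value the caller passed. The declaration of `toffset` is outside this diff, but the accompanying test expects `3015809298423721` to be reported as "tagstart ignored", which suggests the field is narrower than `zend_long`. If so, an out-of-range value that happens to wrap to a non-negative number is accepted silently as a different offset. Checking the full-width value before storing it avoids that. The sketch below assumes `toffset` is an `int`. The `switch` continues outside the hunk.

```c
case PHP_XML_OPTION_SKIP_TAGSTART:
	convert_to_long_ex(val);
	/* validate the full-width value before it is narrowed into toffset */
	if (Z_LVAL_P(val) < 0 || Z_LVAL_P(val) > INT_MAX) {
		php_error_docref(NULL TSRMLS_CC, E_NOTICE, "tagstart ignored");
		parser->toffset = 0;
	} else {
		parser->toffset = (int) Z_LVAL_P(val);
	}
	/* … unchanged: break and the following cases … */
```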