diff options
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | ext/mbstring/libmbfl/filters/mbfilter_htmlent.c | 10 | ||||
| -rw-r--r-- | ext/mbstring/libmbfl/filters/mbfilter_htmlent.h | 1 | ||||
| -rw-r--r-- | ext/mbstring/tests/bug71606.phpt | 13 |
4 files changed, 26 insertions, 2 deletions
@@ -6,6 +6,10 @@ PHP NEWS . Fixed bug #74947 (Segfault in scanner on INF number). (Laruence) . Fixed bug #74954 (null deref and segfault in zend_generator_resume()). (Bob) +- Mbstring: + . Fixed bug #71606 (Segmentation fault mb_strcut with HTML-ENTITIES encoding). + (cmb) + - MySQLi: . Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with an abstract class). (Anatol) diff --git a/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c b/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c index 9d530abfba..03b26cc0b7 100644 --- a/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c +++ b/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c @@ -88,7 +88,8 @@ const struct mbfl_convert_vtbl vtbl_html_wchar = { mbfl_filt_conv_html_dec_ctor, mbfl_filt_conv_html_dec_dtor, mbfl_filt_conv_html_dec, - mbfl_filt_conv_html_dec_flush }; + mbfl_filt_conv_html_dec_flush, + mbfl_filt_conv_html_dec_copy }; #define CK(statement) do { if ((statement) < 0) return (-1); } while (0) @@ -309,4 +310,9 @@ int mbfl_filt_conv_html_dec_flush(mbfl_convert_filter *filter) return err; } - +void mbfl_filt_conv_html_dec_copy(mbfl_convert_filter *src, mbfl_convert_filter *dest) +{ + *dest = *src; + dest->opaque = mbfl_malloc(html_enc_buffer_size+1); + memcpy(dest->opaque, src->opaque, html_enc_buffer_size+1); +} diff --git a/ext/mbstring/libmbfl/filters/mbfilter_htmlent.h b/ext/mbstring/libmbfl/filters/mbfilter_htmlent.h index 6b6ce49951..979f6011ea 100644 --- a/ext/mbstring/libmbfl/filters/mbfilter_htmlent.h +++ b/ext/mbstring/libmbfl/filters/mbfilter_htmlent.h @@ -42,6 +42,7 @@ int mbfl_filt_conv_html_enc(int c, mbfl_convert_filter *filter); int mbfl_filt_conv_html_enc_flush(mbfl_convert_filter *filter); int mbfl_filt_conv_html_dec(int c, mbfl_convert_filter *filter); int mbfl_filt_conv_html_dec_flush(mbfl_convert_filter *filter); +void mbfl_filt_conv_html_dec_copy(mbfl_convert_filter *src, mbfl_convert_filter *dest); void mbfl_filt_conv_html_dec_ctor(mbfl_convert_filter *filter); void mbfl_filt_conv_html_dec_dtor(mbfl_convert_filter *filter); diff --git a/ext/mbstring/tests/bug71606.phpt b/ext/mbstring/tests/bug71606.phpt new file mode 100644 index 0000000000..a09d7ad8db --- /dev/null +++ b/ext/mbstring/tests/bug71606.phpt @@ -0,0 +1,13 @@ +--TEST-- +Bug #71606 (Segmentation fault mb_strcut + mb_list_encodings) +--SKIPIF-- +<?php +if (!extension_loaded('mbstring')) die('skip ext/mbstring not available'); +?> +--FILE-- +<?php +echo mb_strcut('"', 0, 0, 'HTML-ENTITIES'); +echo 'DONE', PHP_EOL; +?> +--EXPECT-- +DONE |