Newsgroups: php.internals
Date: Mon, 10 Jan 2005 05:30:54 -0800
Message-ID: <1105363854.20278.212383668@webmail.messagingengine.com>
From: kameshj@fastmail.fm ("Kamesh Jayachandran")
To: wez@thebrainroom.com, jaakko.hyvatti@iki.fi, rasmus@php.net, moriyoshi@php.net
Cc: internals@lists.php.net
Subject: Segmentation fault in html_entity_decode

Hi All,

The following script causes a segmentation fault in NetWare but not on Windows or Linux versions of php-5.0.3.

I cannot attribute this to NetWare; instead, I could see the defect in our ext/standard/html.c.

The cause seems to be that the following arrays are accessed with an index that is beyond their size:

1) ent_uni_spacing (actual size is 22 but accessed with an index 22)
2) ent_uni_8592_9002 (actual size is 410 but accessed with an index 410. From the name it seems that 9002 is a valid index, so we need to add one more NULL at the end)

Either we should add one more entry to the ent_uni_spacing array or reduce our endchar in entity_map.

You can see the index with which these arrays are accessed by putting a

    printf("k - entity_map[j].basechar = %d\n", k - entity_map[j].basechar);

in a for loop which is around line 898 in html.c version 1.97.2.1.

With regards
Kamesh Jayachandran
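The size mismatch reported above can be checked mechanically. The following is an added example, not code from html.c or from the message: the struct layout, the `table`/`table_len` fields, the function names and the sample tables are all assumptions; only `basechar`, `endchar` and the index expression `k - basechar` come from the message.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified map entry: a table meant to cover the code
 * points basechar..endchar inclusive. Not PHP's real struct. */
struct map_entry {
    unsigned short basechar, endchar;
    const char *const *table;
    size_t table_len;               /* slots actually present in table */
};
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed sample data, not PHP's entity tables. */
static const char *const tbl_ok[]    = { "alpha", "beta", NULL, "delta" };
static const char *const tbl_short[] = { "ensp", "emsp", "thinsp" };
static const struct map_entry sample_map[] = {
    { 100, 103, tbl_ok,    LEN(tbl_ok)    },  /* 4 slots for 100..103 */
    { 200, 203, tbl_short, LEN(tbl_short) },  /* 3 slots for 200..203 */
};

/* Index of the first entry whose range needs more slots than its table
 * has (the off-by-one described in the message), or -1 if none. */
int first_short_table(const struct map_entry *map, size_t n)
{
    for (size_t j = 0; j < n; j++) {
        size_t needed = (size_t)(map[j].endchar - map[j].basechar) + 1;
        if (needed > map[j].table_len)
            return (int)j;
    }
    return -1;
}

/* Lookup that refuses an index equal to or beyond the table size. */
const char *lookup_entity(const struct map_entry *map, size_t n,
                          unsigned short k)
{
    for (size_t j = 0; j < n; j++) {
        if (k < map[j].basechar || k > map[j].endchar)
            continue;
        size_t idx = (size_t)(k - map[j].basechar);
        return idx < map[j].table_len ? map[j].table[idx] : NULL;
    }
    return NULL;
}

int main(void)
{
    printf("first short table: entry %d\n",
           first_short_table(sample_map, LEN(sample_map)));
    return 0;
}
```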