Newsgroups: php.internals
Date: Tue, 11 Jan 2005 23:31:30 -0800
From: kameshj@fastmail.fm ("Kamesh Jayachandran")
To: "Moriyoshi Koizumi"
Cc: jaakko.hyvatti@iki.fi, rasmus@php.net, moriyoshi@php.net, wez@thebrainroom.com, internals@lists.php.net
Subject: Re: [PHP-DEV] Segmentation fault in html_entity_decode
Message-ID: <1105515090.2801.212551532@webmail.messagingengine.com>
In-Reply-To: <80F349B2-6412-11D9-9D18-000A95CE0C62@at.wakwak.com>

Hi Moriyoshi,

Still ent_uni_8592_9002's actual size is 410 but accessed with an index 410.
With regards
Kamesh Jayachandran

On Wed, 12 Jan 2005 05:51:01 +0900, "Moriyoshi Koizumi" said:
> Now fixed in CVS. Thanks for the good report.
>
> Moriyoshi
>
> On 2005/01/10, at 22:30, Kamesh Jayachandran wrote:
>
> > Hi All,
> > The following script causes a segmentation fault in NetWare but not on
> > Windows or Linux versions of php-5.0.3
> > <?php
> > html_entity_decode(' ', ENT_QUOTES, 'UTF-8');
> > ?>
> >
> > I cannot attribute it to NetWare; instead I could see the defect in our
> > ext/standard/html.c
> > The cause seems to be that the following arrays are accessed with an index
> > that is beyond their size
> > 1) ent_uni_spacing (actual size is 22 but accessed with an index 22)
> > 2) ent_uni_8592_9002 (actual size is 410 but accessed with an index 410.
> > From the name it seems that 9002 is a valid index so we need to add one
> > more NULL at the end)
> > Either we should add one more entry to the ent_uni_spacing array or
> > reduce our endchar in entity_map
> > You can see the index with which these arrays are accessed by putting a
> > printf("k - entity_map[j].basechar = %d\n", k - entity_map[j].basechar);
> > in a for loop which is around line 898 in html.c version 1.97.2.1.
>
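
The off-by-one described in the quoted report, as an added example that is not code from html.c or from either poster: a table indexed by `k - basechar` whose element count is one short of its inclusive range, with a consistency check and a lookup bounded by the real table length. The struct, function names and the three-entry table are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical miniature of a range-indexed entity map (not html.c's layout). */
struct range_map {
    unsigned basechar;          /* first code point covered */
    unsigned endchar;           /* last code point covered, inclusive */
    const char *const *table;   /* entity names, indexed by k - basechar */
    size_t count;               /* number of elements really in table */
};

/* Constructed sample table: three entries, for code points 8592..8594. */
static const char *const arrows[] = { "larr", "uarr", "rarr" };
#define ARROWS_LEN (sizeof arrows / sizeof arrows[0])

/* bad_map declares a range one wider than the table, as in the report. */
static const struct range_map bad_map  = { 8592, 8595, arrows, ARROWS_LEN };
static const struct range_map good_map = { 8592, 8594, arrows, ARROWS_LEN };

/* An inclusive range [basechar, endchar] needs endchar - basechar + 1 slots. */
int range_map_consistent(const struct range_map *m)
{
    return m->endchar >= m->basechar &&
           (size_t)(m->endchar - m->basechar) + 1 == m->count;
}

/* Lookup that checks the real table length, not only the declared range. */
const char *lookup_entity(const struct range_map *m, unsigned k)
{
    if (k < m->basechar || k > m->endchar)
        return NULL;
    size_t idx = (size_t)(k - m->basechar);
    if (idx >= m->count)        /* declared range overruns the table */
        return NULL;
    return m->table[idx];
}

int main(void)
{
    const char *hit = lookup_entity(&bad_map, 8595);
    printf("bad_map consistent:  %d\n", range_map_consistent(&bad_map));
    printf("good_map consistent: %d\n", range_map_consistent(&good_map));
    printf("bad_map[8595]:       %s\n", hit ? hit : "(rejected)");
    return 0;
}
```

Running `range_map_consistent` over every map at startup or in a unit test catches a short table on all platforms, instead of depending on whether the stray read happens to fault.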