Newsgroups: php.internals
From: moriyoshi@at.wakwak.com (Moriyoshi Koizumi)
Date: Wed, 12 Jan 2005 17:27:06 +0900
Subject: Re: [PHP-DEV] Segmentation fault in html_entity_decode
To: "Kamesh Jayachandran"
Cc: jaakko.hyvatti@iki.fi, rasmus@php.net, moriyoshi@php.net, wez@thebrainroom.com, internals@lists.php.net

On 2005/01/12, at 16:31, Kamesh Jayachandran wrote:

> Hi Moriyoshi,
> Still ent_uni_8592_9002's actual size is 410 but accessed with an index
> 410.

Huh? I'm confident about it :) It's certainly 411.

Attachment: test.c.txt

    #include <stdio.h>

    static char *ent_uni_8592_9002[] = {
        /* 8592 (0x2190) */
        "larr", "uarr", "rarr", "darr", "harr", NULL, NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8608 (0x21a0) */
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8624 (0x21b0) */
        NULL, NULL, NULL, NULL, "crarr", NULL, NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8640 (0x21c0) */
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8656 (0x21d0) */
        "lArr", "uArr", "rArr", "dArr", "hArr", "vArr", NULL, NULL,
        NULL, NULL, "lAarr", "rAarr", NULL, "rarrw", NULL, NULL,
        /* 8672 (0x21e0) */
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8704 (0x2200) */
        "forall", "comp", "part", "exist", "nexist", "empty", NULL, "nabla",
        "isin", "notin", "epsis", NULL, "ni", "bepsi", NULL, "prod",
        /* 8720 (0x2210) */
        "coprod", "sum", "minus", "mnplus", "plusdo", NULL, "setmn", NULL,
        "compfn", NULL, "radic", NULL, NULL, "prop", "infin", "ang90",
        /* 8736 (0x2220) */
        "ang", "angmsd", "angsph", "mid", "nmid", "par", "npar", "and",
        "or", "cap", "cup", "int", NULL, NULL, "conint", NULL,
        /* 8752 (0x2230) */
        NULL, NULL, NULL, NULL, "there4", "becaus", NULL, NULL,
        NULL, NULL, NULL, NULL, "sim", "bsim", NULL, NULL,
        /* 8768 (0x2240) */
        "wreath", "nsim", NULL, "sime", "nsime", "cong", NULL, "ncong",
        "ap", "nap", "ape", NULL, "bcong", "asymp", "bump", "bumpe",
        /* 8784 (0x2250) */
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8800 (0x2260) */
        "ne", "equiv", NULL, NULL, "le", "ge", "lE", "gE",
        "lnE", "gnE", "Lt", "Gt", "twixt", NULL, "nlt", "ngt",
        /* 8816 (0x2270) */
        "nles", "nges", "lsim", "gsim", NULL, NULL, "lg", "gl",
        NULL, NULL, "pr", "sc", "cupre", "sscue", "prsim", "scsim",
        /* 8832 (0x2280) */
        "npr", "nsc", "sub", "sup", "nsub", "nsup", "sube", "supe",
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8848 (0x2290) */
        NULL, NULL, NULL, NULL, NULL, "oplus", NULL, "otimes",
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8864 (0x22a0) */
        NULL, NULL, NULL, NULL, NULL, "perp", NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8880 (0x22b0) */
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8896 (0x22c0) */
        NULL, NULL, NULL, NULL, NULL, "sdot", NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8912 (0x22d0) */
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8928 (0x22e0) */
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8944 (0x22f0) */
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8960 (0x2300) */
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        "lceil", "rceil", "lfloor", "rfloor", NULL, NULL, NULL, NULL,
        /* 8976 (0x2310) */
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        /* 8992 (0x2320) */
        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
        NULL, "lang", "rang"
    };

    /* Prints the array's actual element count next to the count implied by its name. */
    int main(void)
    {
        printf("%zu %d\n",
               sizeof(ent_uni_8592_9002) / sizeof(ent_uni_8592_9002[0]),
               9002 - 8592 + 1);
        return 0;
    }

Moriyoshi

>
> With regards
> Kamesh Jayachandran
>
> On Wed, 12 Jan 2005 05:51:01 +0900, "Moriyoshi Koizumi" said:
>> Now fixed in CVS. Thanks for the good report.
>>
>> Moriyoshi
>>
>> On 2005/01/10, at 22:30, Kamesh Jayachandran wrote:
>>
>>> Hi All,
>>> The following script causes a segmentation fault in NetWare but not on
>>> Windows or Linux versions of php-5.0.3
>>>
>>> <?php
>>> html_entity_decode(' ', ENT_QUOTES, 'UTF-8');
>>> ?>
>>>
>>> I can not attribute to NetWare instead I could see the defect in our
>>> ext/standard/html.c
>>> The cause seems to be the following arrays are accessed with an index
>>> that is beyond their size
>>> 1) ent_uni_spacing (Actual size is 22 but accessed with an index 22)
>>> 2) ent_uni_8592_9002 (Actual size is 410 but accessed with an index 410.
>>> From the name it seems that 9002 is a valid index so we need to add one
>>> more NULL at the end)
>>> Either we should add one more entry to the ent_uni_spacing array or
>>> reduce our endchar in entity_map
>>> You can see the index with which these arrays are accessed by putting a
>>> printf("k - entity_map[j].basechar = %d\n", k - entity_map[j].basechar);
>>> in a for loop which is around line 898 in html.c version 1.97.2.1.
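
The disagreement in this thread (is the table one slot short of the range it claims to cover?) can be checked mechanically and guarded at lookup time. The following is an added example, not code from the thread or from PHP's html.c: only `basechar` and `endchar` are named in the thread, while the struct name, the `table` and `count` fields, the `RANGE` macro and the sample arrays are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Assumed layout: only basechar and endchar are named in the thread;
 * the struct name, table and count fields are hypothetical. */
struct entity_range {
    unsigned int basechar;      /* first code point covered */
    unsigned int endchar;       /* last code point covered, inclusive */
    const char *const *table;   /* names, indexed by k - basechar */
    size_t count;               /* real number of slots in table */
};
#define RANGE(b, e, a) { (b), (e), (a), sizeof(a) / sizeof((a)[0]) }
/* Constructed sample data: 5 slots for 8592..8596, and a 4-slot table
 * that claims the same 5 code points (one short). */
static const char *const arrows_ok[] = { "larr", "uarr", "rarr", "darr", "harr" };
static const char *const arrows_short[] = { "larr", "uarr", "rarr", "darr" };
static const struct entity_range good_map[] = { RANGE(8592, 8596, arrows_ok) };
static const struct entity_range bad_map[] = { RANGE(8592, 8596, arrows_short) };

/* Index of the first range whose inclusive span differs from its table
 * length, or -1 when every range is consistent. */
int first_inconsistent_range(const struct entity_range *map, size_t n)
{
    for (size_t j = 0; j < n; j++) {
        if (map[j].endchar < map[j].basechar ||
            (size_t)(map[j].endchar - map[j].basechar) + 1 != map[j].count)
            return (int)j;
    }
    return -1;
}

/* Lookup that checks the index against the real slot count, so a short
 * table yields NULL instead of a read past the end of the array. */
const char *entity_name(const struct entity_range *map, size_t n, unsigned int k)
{
    for (size_t j = 0; j < n; j++) {
        if (k >= map[j].basechar && k <= map[j].endchar) {
            size_t idx = k - map[j].basechar;
            return idx < map[j].count ? map[j].table[idx] : NULL;
        }
    }
    return NULL;
}

int main(void)
{
    printf("good: %d, bad: %d\n", first_inconsistent_range(good_map, 1),
           first_inconsistent_range(bad_map, 1));
    return 0;
}
```

Running the consistency check once at startup or in a unit test settles a "410 or 411" question without counting initializers by hand.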