From: kameshj@fastmail.fm ("Kamesh Jayachandran")
To: derick@php.net, jorton@php.net
Cc: internals@lists.php.net
Date: Wed, 11 May 2005 04:18:40 -0700
Subject: segfault in html_entity_decode

Hi Derick and Joe,

html_entity_decode('  ‘†′⁄€', ENT_QUOTES, 'UTF-8'); (the same test case as bug #29119) is causing a segfault on NetWare.

The cause of the segfault seems to be the size of ent_uni_338_402, which I presume should be of size 402-338+1=65. It used to be 63 in size until 1.97.2.5. Bug fix 28067 by Derick seemed to have increased the size by 65 but with a wrong comment ending.

It resulted in the code as follows:

    /* 376 (0x0178) No end comment
    "Yuml", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
    /* 400 (0x0190)*/ NULL, NULL, "fnof"

Later Joe Orton fixed the above improper comment by extending the comment to 3 more lines:

    /* 376 (0x0178) No end comment
    "Yuml", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
    /* 400 (0x0190)*/

Hence the array ent_uni_338_402 got truncated greatly, to the size of 41 bytes. This causes a segfault when php_unescape_html_entities accesses ent_uni_338_402 with the index 402-338=64.

With regards,
Kamesh Jayachandran
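As an added illustration (not PHP's own source), here is a 338..402 entity table written with properly closed comments, a compile-time check that it really holds 65 entries, and a bounds-checked lookup that would fail safe rather than read past a truncated table. The entity names are the standard HTML 4 ones; the row layout and function names are constructed here.

```c
/* Added example, not PHP's ext/standard/html.c: an entity table for code points
 * 338..402, with a compile-time size check and a bounds-checked lookup. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ENT_FIRST 338
#define ENT_LAST  402
#define ENT_EXPECTED (ENT_LAST - ENT_FIRST + 1)   /* 65 entries */

/* One entry per code point; every comment is closed on the same line, so the
 * preprocessor cannot swallow the initialisers that follow it. */
static const char *const ent_uni_338_402[] = {
    /* 338 (0x0152) */ "OElig", "oelig",
    /* 340 */ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
    /* 350 */ NULL, NULL, "Scaron", "scaron", NULL, NULL, NULL, NULL, NULL, NULL,
    /* 360 */ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
    /* 370 */ NULL, NULL, NULL, NULL, NULL, NULL, "Yuml", NULL, NULL, NULL,
    /* 380 */ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
    /* 390 */ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
    /* 400 (0x0190) */ NULL, NULL, "fnof"
};

/* Fails the build if a stray comment (or a dropped line) changes the count;
 * this is the check that would have caught the truncation described above. */
_Static_assert(sizeof(ent_uni_338_402) / sizeof(ent_uni_338_402[0]) == ENT_EXPECTED,
               "ent_uni_338_402 must have exactly 402-338+1 entries");

size_t ent_uni_338_402_len(void) {
    return sizeof(ent_uni_338_402) / sizeof(ent_uni_338_402[0]);
}

/* Returns the entity name for code point cp, or NULL when there is none.
 * The runtime length check is what keeps a too-short table from segfaulting. */
const char *lookup_entity_338_402(unsigned cp) {
    if (cp < ENT_FIRST || cp > ENT_LAST)
        return NULL;
    size_t idx = cp - ENT_FIRST;
    if (idx >= ent_uni_338_402_len())
        return NULL;                       /* never index past the array */
    return ent_uni_338_402[idx];
}

int main(void) {
    printf("table has %zu entries\n", ent_uni_338_402_len());
    printf("402 -> %s\n", lookup_entity_338_402(402));
    return 0;
}
```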