Newsgroups: php.internals
Message-ID: <1115813130.20250.233883085@webmail.messagingengine.com>
To: "Joe Orton"
Cc: derick@php.net, internals@lists.php.net
In-Reply-To: <20050511115821.GA18178@redhat.com>
Date: Wed, 11 May 2005 05:05:30 -0700
Subject: Re: segfault in html_entity_decode
From: kameshj@fastmail.fm ("Kamesh Jayachandran")

Hi Joe,

The array should be as follows,

static entity_table_t ent_uni_338_402[] = {
	/* 338 (0x0152) */
	"OElig", "oelig", NULL, NULL, NULL, NULL, NULL, NULL,
	NULL, NULL, NULL, NULL, NULL, NULL,
	/* 352 (0x0160) */
	"Scaron", "scaron", NULL, NULL, NULL, NULL, NULL, NULL,
	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
	/* 376 (0x0178) */
	"Yuml", NULL, NULL, NULL, NULL, NULL, NULL, NULL,
	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
	/* 400 (0x0190)*/
	NULL, NULL, "fnof"
};

Thanks
With regards
Kamesh Jayachandran

On Wed, 11 May 2005 12:58:21 +0100, "Joe Orton" said:
> On Wed, May 11, 2005 at 04:18:40AM -0700, Kamesh Jayachandran wrote:
> > Hi Derick and Joe,
> > html_entity_decode('  ‘†′⁄€',
> > ENT_QUOTES, 'UTF-8'); (same testcase bug #29119) is causing Segfault in
> > NetWare.
> >
> > The cause of the segfault seems to be the size of ent_uni_338_402. Which
> > I presume should be of size 402-338+1=65
> >
> > It used to be 63 in size till 1.97.2.5.
> >
> > Bug fix 28067 by Derick seemed to have increased the size by 65 but with
> > wrong comment ending.
> > It resulted in the code as follows,
> > /* 376 (0x0178) No end comment
> > "Yuml", NULL, NULL, NULL, NULL, NULL, NULL, NULL,
> > NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
> > NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
> > /* 400 (0x0190)*/
> > NULL, NULL, "fnof"
> >
> > Later Joe Orton fixed the above improper comment by extending the
> > comment to 3 more lines.
>
> The comment already extended for the full three lines since it wasn't
> terminated earlier. But I guess *that* was the mistake made in the
> merge from the 4.3, and it was supposed to match the 4.3 code as below,
> does this fix the segfault for you?
> > Index: html.c > =================================================================== > RCS file: /repository/php-src/ext/standard/html.c,v > retrieving revision 1.107 > diff -u -r1.107 html.c > --- html.c 1 May 2005 19:48:55 -0000 1.107 > +++ html.c 11 May 2005 11:56:29 -0000 > @@ -115,11 +115,11 @@ > "Scaron", "scaron", NULL, NULL, NULL, NULL, NULL, NULL, > NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, > NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, > - /* 376 (0x0178) > + /* 376 (0x0178) */ > "Yuml", NULL, NULL, NULL, NULL, NULL, NULL, NULL, > NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, > NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, */ > - /* 400 (0x0190)*/ > + /* 400 (0x0190) */ > NULL, NULL, "fnof" > }; >
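Review bot: The unchanged context row three lines below the new `/* 376 (0x0178) */` still ends in `NULL, */`. With the comment now closed on the 376 line, that trailing `*/` is a stray token outside any comment and the file will not compile; the hunk should also turn that row into a `-`/`+` pair that drops the `*/`. Once that is done the initializer should yield 65 entries (402-338+1, as worked out earlier in the thread), which is worth confirming against the code that indexes the table.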
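The size argument in the message (402-338+1=65), as an added C example that is not part of the original thread or of php-src: a compile-time check that the table covers its range, plus a lookup that bounds-checks against the real array length. The `entity_table_t` definition, the `ENT_BASE`/`ENT_END`/`ARRAY_LEN` macros and `entity_lookup` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed element type; the message shows only the name entity_table_t. */
typedef const char *entity_table_t;

#define ENT_BASE 338u  /* first code point covered by the table */
#define ENT_END  402u  /* last code point covered by the table */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Contents as listed in the message: 14 + 24 + 24 + 3 = 65 entries. */
static entity_table_t ent_uni_338_402[] = {
    /* 338 (0x0152) */
    "OElig", "oelig", NULL, NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL, NULL, NULL,
    /* 352 (0x0160) */
    "Scaron", "scaron", NULL, NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
    /* 376 (0x0178) */
    "Yuml", NULL, NULL, NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
    /* 400 (0x0190) */
    NULL, NULL, "fnof"
};

/* C11: the build fails if rows are lost, for example inside a comment. */
_Static_assert(ARRAY_LEN(ent_uni_338_402) == ENT_END - ENT_BASE + 1,
               "ent_uni_338_402 must cover 338..402 exactly");

/* Hypothetical helper: check against the real length, not the nominal range. */
static const char *entity_lookup(const entity_table_t *tab, size_t len,
                                 unsigned int cp)
{
    if (cp < ENT_BASE || (size_t)(cp - ENT_BASE) >= len)
        return NULL;            /* outside the storage that exists */
    return tab[cp - ENT_BASE];  /* may be NULL: no named entity here */
}

int main(void)
{
    const char *n = entity_lookup(ent_uni_338_402, ARRAY_LEN(ent_uni_338_402), 402);
    /* 41 is derived: 65 minus the 24 entries of the commented-out 376 rows. */
    const char *t = entity_lookup(ent_uni_338_402, 41, 402);
    printf("402 -> %s, with 41 slots -> %s\n", n ? n : "(none)", t ? t : "(rejected)");
    return 0;
}
```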