Hi Derick and Joe,
html_entity_decode(' ‘†′⁄€',
ENT_QUOTES, 'UTF-8'); (same testcase bug #29119) is causing a segfault on
NetWare.
The cause of the segfault seems to be the size of ent_uni_338_402, which
I presume should be of size 402-338+1=65.
It used to be 63 in size until 1.97.2.5.
Bug fix 28067 by Derick seemed to have increased the size by 65 but with
a wrong comment ending.
It resulted in the code as follows,
/* 376 (0x0178) <Caution>No end comment</Caution>
"Yuml", NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
/* 400 (0x0190)*/
NULL, NULL, "fnof"
Later Joe Orton fixed the above improper comment by extending the
comment to 3 more lines.
/* 376 (0x0178) <Caution>No end comment</Caution>
"Yuml", NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
/* 400 (0x0190)*/
hence the array ent_uni_338_402 got truncated greatly, to a size of 41
entries.
This causes a segfault when php_unescape_html_entities accesses
ent_uni_338_402 with the index 402-338=64.
With regards
Kamesh Jayachandran
Hi Derick and Joe,
html_entity_decode(' ‘†′⁄€',
ENT_QUOTES, 'UTF-8'); (same testcase bug #29119) is causing a segfault on
NetWare.
The cause of the segfault seems to be the size of ent_uni_338_402, which
I presume should be of size 402-338+1=65.
It used to be 63 in size until 1.97.2.5.
Bug fix 28067 by Derick seemed to have increased the size by 65 but with
a wrong comment ending.
It resulted in the code as follows,
/* 376 (0x0178) <Caution>No end comment</Caution>
"Yuml", NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
/* 400 (0x0190)*/
NULL, NULL, "fnof"
Later Joe Orton fixed the above improper comment by extending the
comment to 3 more lines.
The comment already extended for the full three lines, since it wasn't
terminated earlier. But I guess that was the mistake made in the
merge from 4.3, and it was supposed to match the 4.3 code as below.
Does this fix the segfault for you?
Index: html.c
RCS file: /repository/php-src/ext/standard/html.c,v
retrieving revision 1.107
diff -u -r1.107 html.c
--- html.c 1 May 2005 19:48:55 -0000 1.107
+++ html.c 11 May 2005 11:56:29 -0000
@@ -115,11 +115,11 @@
"Scaron", "scaron", NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
- /* 376 (0x0178)
- /* 376 (0x0178) */
"Yuml", NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, */
- /* 400 (0x0190)*/
- /* 400 (0x0190) */
NULL, NULL, "fnof"
};
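Review bot: the two replacement comment lines in this hunk, `/* 376 (0x0178) */` and `/* 400 (0x0190) */`, are marked `-` just like the lines they replace, so as shown the hunk removes both comments and adds nothing; they should carry `+`. The context line `NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, */` is left unchanged, but once the comment is closed on the `/* 376 (0x0178) */` line that trailing `*/` sits outside any comment and will not compile, so that line also needs a `-`/`+` pair dropping the `*/`. The header `@@ -115,11 +115,11 @@` promises 11 lines a side while only 10 are shown once the markers are read as intended, which is consistent with exactly that pair having been lost in transit.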
Hi Joe,
The array should be as follows,
static entity_table_t ent_uni_338_402[] = {
/* 338 (0x0152) */
"OElig", "oelig", NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
/* 352 (0x0160) */
"Scaron", "scaron", NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
/* 376 (0x0178) */
"Yuml", NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
/* 400 (0x0190) */
NULL, NULL, "fnof"
};
Thanks
With regards
Kamesh Jayachandran
On Wed, 11 May 2005 12:58:21 +0100, "Joe Orton" jorton@redhat.com said:
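The repaired table as Kamesh posts it, with the two guards that would have turned this bug into a compile error instead of a NetWare segfault: a compile-time check that the initializer really covers 338..402 (65 entries), and a bounds check at the lookup so that an index of 64 can never run off a 41-entry table. This is an added example and not code from ext/standard/html.c; it assumes entity_table_t is a const char * (its real definition is not on the page), and lookup_ent_uni_338_402 is a hypothetical stand-in for the index computation inside php_unescape_html_entities, whose signature the thread does not show.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not PHP's ext/standard/html.c. entity_table_t is assumed
 * to be a plain C string pointer; the page does not show its definition. */
typedef const char *entity_table_t;

#define ENT_UNI_338_402_FIRST 338
#define ENT_UNI_338_402_LAST  402

/* The table from the thread with every comment properly terminated.
 * 14 + 24 + 24 + 3 = 65 initializers, one per code point 338..402. */
static entity_table_t ent_uni_338_402[] = {
	/* 338 (0x0152) */
	"OElig", "oelig", NULL, NULL, NULL, NULL,
	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
	/* 352 (0x0160) */
	"Scaron", "scaron", NULL, NULL, NULL, NULL, NULL, NULL,
	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
	/* 376 (0x0178) */
	"Yuml", NULL, NULL, NULL, NULL, NULL, NULL, NULL,
	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
	/* 400 (0x0190) */
	NULL, NULL, "fnof"
};

#define ENT_UNI_338_402_COUNT \
	(sizeof(ent_uni_338_402) / sizeof(ent_uni_338_402[0]))

/* Compile-time size check (C89-compatible static assert): a negative array
 * size is a hard error. With the unterminated "/* 376" comment from the
 * thread the initializer shrinks to 41 entries and this line fails to
 * compile, instead of the mismatch surfacing as a crash at run time. */
typedef char ent_uni_338_402_size_check[
	(ENT_UNI_338_402_COUNT ==
	 (ENT_UNI_338_402_LAST - ENT_UNI_338_402_FIRST + 1)) ? 1 : -1];

/* Hypothetical lookup standing in for the index computation in
 * php_unescape_html_entities. Returns the entity name for a code point in
 * the table's range, or NULL for code points outside it or without an entity. */
const char *lookup_ent_uni_338_402(unsigned int code_point)
{
	size_t slot;

	if (code_point < ENT_UNI_338_402_FIRST || code_point > ENT_UNI_338_402_LAST)
		return NULL;
	slot = code_point - ENT_UNI_338_402_FIRST;   /* 0..64 */
	/* Defence in depth: never index past the initializer the compiler saw,
	 * even if the size check above were removed some day. */
	if (slot >= ENT_UNI_338_402_COUNT)
		return NULL;
	return ent_uni_338_402[slot];
}

size_t ent_uni_338_402_count(void)
{
	return ENT_UNI_338_402_COUNT;
}

static const char *name_or_none(const char *name)
{
	return name ? name : "(none)";
}

int main(void)
{
	/* Code points the thread's test case routes through this table, plus the
	 * last slot (index 64) that faulted on the truncated 41-entry table. */
	printf("table entries: %lu\n", (unsigned long)ent_uni_338_402_count());
	printf("U+0152 -> %s\n", name_or_none(lookup_ent_uni_338_402(0x0152)));
	printf("U+0178 -> %s\n", name_or_none(lookup_ent_uni_338_402(0x0178)));
	printf("U+0192 -> %s\n", name_or_none(lookup_ent_uni_338_402(0x0192)));
	printf("U+0193 -> %s\n", name_or_none(lookup_ent_uni_338_402(0x0193)));
	return 0;
}
```

The size check is the part worth carrying over: any table whose index is computed as `code_point - FIRST` should have its entry count pinned to `LAST - FIRST + 1` at compile time, so an editing slip in the initializer (a swallowed comment, a dropped line in a merge) cannot silently shrink it.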