239
|
1 |
From
|
|
2 |
http://git.php.net/?p=php-src.git;a=commitdiff;h=7d163e8a0880ae8af2dd869071393e5dc07ef271
|
|
3 |
truncate results at depth of 255 to prevent corruption
|
|
4 |
|
|
5 |
--- php-5.2.17/ext/xml/xml.c_orig 2010-11-03 07:18:28.000000000 -0700
|
|
6 |
+++ php-5.2.17/ext/xml/xml.c 2013-07-12 08:31:01.397237583 -0700
|
|
7 |
@@ -322,7 +322,7 @@
|
|
8 |
}
|
|
9 |
if (parser->ltags) {
|
|
10 |
int inx;
|
|
11 |
- for (inx = 0; inx < parser->level; inx++)
|
|
12 |
+ for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); inx++)
|
|
13 |
efree(parser->ltags[ inx ]);
|
|
14 |
efree(parser->ltags);
|
|
15 |
}
|
|
16 |
@@ -800,45 +800,50 @@
|
|
17 |
}
|
|
18 |
|
|
19 |
if (parser->data) {
|
|
20 |
- zval *tag, *atr;
|
|
21 |
- int atcnt = 0;
|
|
22 |
+ if (parser->level <= XML_MAXLEVEL) {
|
|
23 |
+ zval *tag, *atr;
|
|
24 |
+ int atcnt = 0;
|
|
25 |
|
|
26 |
- MAKE_STD_ZVAL(tag);
|
|
27 |
- MAKE_STD_ZVAL(atr);
|
|
28 |
+ MAKE_STD_ZVAL(tag);
|
|
29 |
+ MAKE_STD_ZVAL(atr);
|
|
30 |
|
|
31 |
- array_init(tag);
|
|
32 |
- array_init(atr);
|
|
33 |
+ array_init(tag);
|
|
34 |
+ array_init(atr);
|
|
35 |
|
|
36 |
- _xml_add_to_info(parser,((char *) tag_name) + parser->toffset);
|
|
37 |
+ _xml_add_to_info(parser,((char *) tag_name) + parser->toffset);
|
|
38 |
|
|
39 |
- add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */
|
|
40 |
- add_assoc_string(tag,"type","open",1);
|
|
41 |
- add_assoc_long(tag,"level",parser->level);
|
|
42 |
+ add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */
|
|
43 |
+ add_assoc_string(tag,"type","open",1);
|
|
44 |
+ add_assoc_long(tag,"level",parser->level);
|
|
45 |
|
|
46 |
- parser->ltags[parser->level-1] = estrdup(tag_name);
|
|
47 |
- parser->lastwasopen = 1;
|
|
48 |
+ parser->ltags[parser->level-1] = estrdup(tag_name);
|
|
49 |
+ parser->lastwasopen = 1;
|
|
50 |
|
|
51 |
- attributes = (const XML_Char **) attrs;
|
|
52 |
+ attributes = (const XML_Char **) attrs;
|
|
53 |
|
|
54 |
- while (attributes && *attributes) {
|
|
55 |
- att = _xml_decode_tag(parser, attributes[0]);
|
|
56 |
- val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding);
|
|
57 |
-
|
|
58 |
- add_assoc_stringl(atr,att,val,val_len,0);
|
|
59 |
+ while (attributes && *attributes) {
|
|
60 |
+ att = _xml_decode_tag(parser, attributes[0]);
|
|
61 |
+ val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding);
|
|
62 |
|
|
63 |
- atcnt++;
|
|
64 |
- attributes += 2;
|
|
65 |
+ add_assoc_stringl(atr,att,val,val_len,0);
|
|
66 |
|
|
67 |
- efree(att);
|
|
68 |
- }
|
|
69 |
+ atcnt++;
|
|
70 |
+ attributes += 2;
|
|
71 |
|
|
72 |
- if (atcnt) {
|
|
73 |
- zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL);
|
|
74 |
- } else {
|
|
75 |
- zval_ptr_dtor(&atr);
|
|
76 |
- }
|
|
77 |
+ efree(att);
|
|
78 |
+ }
|
|
79 |
+
|
|
80 |
+ if (atcnt) {
|
|
81 |
+ zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL);
|
|
82 |
+ } else {
|
|
83 |
+ zval_ptr_dtor(&atr);
|
|
84 |
+ }
|
|
85 |
|
|
86 |
- zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag);
|
|
87 |
+ zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag);
|
|
88 |
+ } else if (parser->level == (XML_MAXLEVEL + 1)) {
|
|
89 |
+ TSRMLS_FETCH();
|
|
90 |
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated");
|
|
91 |
+ }
|
|
92 |
}
|
|
93 |
|
|
94 |
efree(tag_name);
|
|
95 |
@@ -890,7 +895,7 @@
|
|
96 |
|
|
97 |
efree(tag_name);
|
|
98 |
|
|
99 |
- if (parser->ltags) {
|
|
100 |
+ if ((parser->ltags) && (parser->level <= XML_MAXLEVEL)) {
|
|
101 |
efree(parser->ltags[parser->level-1]);
|
|
102 |
}
|
|
103 |
|
|
104 |
@@ -974,18 +979,23 @@
|
|
105 |
}
|
|
106 |
}
|
|
107 |
|
|
108 |
- MAKE_STD_ZVAL(tag);
|
|
109 |
-
|
|
110 |
- array_init(tag);
|
|
111 |
-
|
|
112 |
- _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset);
|
|
113 |
+ if (parser->level <= XML_MAXLEVEL) {
|
|
114 |
+ MAKE_STD_ZVAL(tag);
|
|
115 |
|
|
116 |
- add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1);
|
|
117 |
- add_assoc_string(tag,"value",decoded_value,0);
|
|
118 |
- add_assoc_string(tag,"type","cdata",1);
|
|
119 |
- add_assoc_long(tag,"level",parser->level);
|
|
120 |
+ array_init(tag);
|
|
121 |
|
|
122 |
- zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL);
|
|
123 |
+ _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset);
|
|
124 |
+
|
|
125 |
+ add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1);
|
|
126 |
+ add_assoc_string(tag,"value",decoded_value,0);
|
|
127 |
+ add_assoc_string(tag,"type","cdata",1);
|
|
128 |
+ add_assoc_long(tag,"level",parser->level);
|
|
129 |
+
|
|
130 |
+ zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL);
|
|
131 |
+ } else if (parser->level == (XML_MAXLEVEL + 1)) {
|
|
132 |
+ TSRMLS_FETCH();
|
|
133 |
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated");
|
|
134 |
+ }
|
|
135 |
}
|
|
136 |
} else {
|
|
137 |
efree(decoded_value);
|