# HG changeset patch
# User Jon Tibble
# Date 1378057484 -3600
# Node ID c26ca4f9158b3e67a86f441826a300e2833cbd7d
# Parent 7056ed228625cccfea471425ed2c835e241fad13
Pull Oracle PHP 5.2 patches
diff -r 7056ed228625 -r c26ca4f9158b usr/src/cmd/php5/Makefile.sfw
--- a/usr/src/cmd/php5/Makefile.sfw Fri Aug 30 20:05:39 2013 +0100
+++ b/usr/src/cmd/php5/Makefile.sfw Sun Sep 01 18:44:44 2013 +0100
@@ -426,7 +426,12 @@
 gpatch -p1 -i ../patches/php_pdo_stmt_race.patch && \
 gpatch -p1 -i ../patches/php_perf_nsapi.c.patch && \
 gpatch -p1 -i ../patches/php_run-tests.php.patch && \
- gpatch -p1 -i ../patches/php_divert.patch)
+ gpatch -p1 -i ../patches/php_divert.patch && \
+ gpatch -p1 -i ../patches/14_php_16658678.patch && \
+ gpatch -p1 -i ../patches/15_php_16004918.patch && \
+ gpatch -p1 -i ../patches/16_php_openssl_tests.patch && \
+ gpatch -p1 -i ../patches/17_php_17026033.patch && \
+ gpatch -p1 -i ../patches/18_php_17157091.patch)
 (cd $(PHP_DIR); env - $(PRECONF_ENVLINE) \
 $(CONFIG_SHELL) ./buildconf --force )
 (cd $(PHP_DIR); \
diff -r 7056ed228625 -r c26ca4f9158b usr/src/cmd/php5/patches/14_php_16658678.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/php5/patches/14_php_16658678.patch Sun Sep 01 18:44:44 2013 +0100
@@ -0,0 +1,201 @@
+From
+http://git.php.net/?p=php-src.git;a=commitdiff;h=cc4c318b0c71e1a9c9cf803b5ee5d437344d64db
+Check if soap.wsdl_cache_dir confirms to open_basedir
+
+--- php-5.2.17/ext/soap/soap.c_orig 2010-06-09 08:48:22.000000000 -0700
++++ php-5.2.17/ext/soap/soap.c 2013-06-05 14:11:41.182400088 -0700
+@@ -416,10 +416,44 @@
+ return SUCCESS;
+ }
+
++static PHP_INI_MH(OnUpdateCacheDir)
++{
++ /* Only do the safemode/open_basedir check at runtime */
++ if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) {
++ char *p;
++
++ if (memchr(new_value, '\0', new_value_length) != NULL) {
++ return FAILURE;
++ }
++
++ /* we do not use zend_memrchr() since path can contain ; itself */
++ if ((p = strchr(new_value, ';'))) {
++ char *p2;
++ p++;
++ if ((p2 = strchr(p, ';'))) {
++ p = p2 + 1;
++ }
++ } else {
++ p = new_value;
++ }
++
++ if (PG(safe_mode) && *p && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
++ return FAILURE;
++ }
++
++ if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) {
++ return FAILURE;
++ }
++ }
++
++ OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
++ return SUCCESS;
++}
++
+ PHP_INI_BEGIN()
+ STD_PHP_INI_ENTRY("soap.wsdl_cache_enabled", "1", PHP_INI_ALL, OnUpdateCacheEnabled,
+ cache_enabled, zend_soap_globals, soap_globals)
+-STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateString,
++STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateCacheDir,
+ cache_dir, zend_soap_globals, soap_globals)
+ STD_PHP_INI_ENTRY("soap.wsdl_cache_ttl", "86400", PHP_INI_ALL, OnUpdateLong,
+ cache_ttl, zend_soap_globals, soap_globals)
+
+
+From
+http://git.php.net/?p=php-src.git;a=commitdiff;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6
+Fixed external entity loading
+http://git.php.net/?p=php-src.git;a=commitdiff;h=fcd4b5335a6df4e0676ee32e2267ca71d70fe623
+Fix TSRM (after afc1debb)
+
+--- php-5.2.17/ext/libxml/libxml.c_orig 2010-01-03 01:23:27.000000000 -0800
++++ php-5.2.17/ext/libxml/libxml.c 2013-06-05 14:18:21.153940829 -0700
+@@ -267,6 +267,7 @@
+ libxml_globals->stream_context = NULL;
+ libxml_globals->error_buffer.c = NULL;
+ libxml_globals->error_list = NULL;
++ libxml_globals->entity_loader_disabled = 0;
+ }
+
+ /* Channel libxml file io layer through the PHP streams subsystem.
+@@ -356,16 +357,15 @@
+ }
+
+ static xmlParserInputBufferPtr
+-php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc)
+-{
+- return NULL;
+-}
+-
+-static xmlParserInputBufferPtr
+ php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc)
+ {
+ xmlParserInputBufferPtr ret;
+ void *context = NULL;
++ TSRMLS_FETCH();
++
++ if (LIBXML(entity_loader_disabled)) {
++ return NULL;
++ }
+
+ if (URI == NULL)
+ return(NULL);
+@@ -839,28 +839,25 @@
+ }
+ /* }}} */
+
++PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC)
++{
++ zend_bool old = LIBXML(entity_loader_disabled);
++
++ LIBXML(entity_loader_disabled) = disable;
++ return old;
++}
++
+ /* {{{ proto bool libxml_disable_entity_loader([boolean disable])
+ Disable/Enable ability to load external entities */
+ static PHP_FUNCTION(libxml_disable_entity_loader)
+ {
+ zend_bool disable = 1;
+- xmlParserInputBufferCreateFilenameFunc old;
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &disable) == FAILURE) {
+ return;
+ }
+
+- if (disable == 0) {
+- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename);
+- } else {
+- old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload);
+- }
+-
+- if (old == php_libxml_input_buffer_noload) {
+- RETURN_TRUE;
+- }
+-
+- RETURN_FALSE;
++ RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC));
+ }
+ /* }}} */
+
+--- php-5.2.17/ext/libxml/php_libxml.h_orig 2010-01-03 01:23:27.000000000 -0800
++++ php-5.2.17/ext/libxml/php_libxml.h 2013-06-05 14:20:23.311490825 -0700
+@@ -41,6 +41,7 @@
+ zval *stream_context;
+ smart_str error_buffer;
+ zend_llist *error_list;
++ zend_bool entity_loader_disabled;
+ ZEND_END_MODULE_GLOBALS(libxml)
+
+ typedef struct _libxml_doc_props {
+@@ -91,6 +92,7 @@
+ PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s);
+ PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC);
+ PHP_LIBXML_API void php_libxml_issue_error(int level, const char *msg TSRMLS_DC);
++PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC);
+
+ /* Init/shutdown functions*/
+ PHP_LIBXML_API void php_libxml_initialize(void);
+--- php-5.2.17/ext/soap/php_xml.c_orig 2010-01-03 01:23:27.000000000 -0800
++++ php-5.2.17/ext/soap/php_xml.c 2013-06-05 14:28:21.292038266 -0700
+@@ -20,6 +20,7 @@
+ /* $Id: php_xml.c 293036 2010-01-03 09:23:27Z sebastian $ */
+
+ #include "php_soap.h"
++#include "ext/libxml/php_libxml.h"
+ #include "libxml/parser.h"
+ #include "libxml/parserInternals.h"
+
+@@ -91,13 +92,17 @@
+ ctxt = xmlCreateFileParserCtxt(filename);
+ PG(allow_url_fopen) = old_allow_url_fopen;
+ if (ctxt) {
++ zend_bool old;
++
+ ctxt->keepBlanks = 0;
+ ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
+ ctxt->sax->comment = soap_Comment;
+ ctxt->sax->warning = NULL;
+ ctxt->sax->error = NULL;
+ /*ctxt->sax->fatalError = NULL;*/
++ old = php_libxml_disable_entity_loader(1 TSRMLS_CC);
+ xmlParseDocument(ctxt);
++ php_libxml_disable_entity_loader(old TSRMLS_CC);
+ if (ctxt->wellFormed) {
+ ret = ctxt->myDoc;
+ if (ret->URL == NULL && ctxt->directory != NULL) {
+@@ -128,11 +133,14 @@
+ xmlParserCtxtPtr ctxt = NULL;
+ xmlDocPtr ret;
+
++ TSRMLS_FETCH();
+ /*
+ xmlInitParser();
+ */
+ ctxt = xmlCreateMemoryParserCtxt(buf, buf_size);
+ if (ctxt) {
++ zend_bool old;
++
+ ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace;
+ ctxt->sax->comment = soap_Comment;
+ ctxt->sax->warning = NULL;
+@@ -141,7 +149,9 @@
+ #if LIBXML_VERSION >= 20703
+ ctxt->options |= XML_PARSE_HUGE;
+ #endif
++ old = php_libxml_disable_entity_loader(1 TSRMLS_CC);
+ xmlParseDocument(ctxt);
++ php_libxml_disable_entity_loader(old TSRMLS_CC);
+ if (ctxt->wellFormed) {
+ ret = ctxt->myDoc;
+ if (ret->URL == NULL && ctxt->directory != NULL) {
diff -r 7056ed228625 -r c26ca4f9158b usr/src/cmd/php5/patches/15_php_16004918.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/php5/patches/15_php_16004918.patch Sun Sep 01 18:44:44 2013 +0100
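Review bot: In `OnUpdateCacheDir` (soap.c, inside 14_php_16658678.patch) the safe_mode and open_basedir checks run on `p`, the part of the value that follows up to two `;` separators, while `OnUpdateString` then stores the whole `new_value`. The prefix skipping looks borrowed from a setting whose value carries `;`-separated fields before the path; nothing in this hunk shows soap.wsdl_cache_dir having such a syntax, so the string that is checked can differ from the string that is stored. I would check the stored value itself, replacing the `strchr` branch with `p = new_value;`, and propagate the handler result with `return OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);` instead of discarding it. The code that reads `cache_dir` is outside this patch, so the first point should be confirmed against it.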
@@ -0,0 +1,89 @@
+From
+http://git.php.net/?p=php-src.git;a=commitdiff;h=fc74503792b1ee92e4b813690890f3ed38fa3ad5
+improve overflow checks
+
+--- php-5.2.17/main/streams/streams.c_orig 2010-01-06 04:54:53.000000000 -0800
++++ php-5.2.17/main/streams/streams.c 2013-07-09 10:14:05.583023604 -0700
+@@ -2083,8 +2083,8 @@
+ php_stream *stream;
+ php_stream_dirent sdp;
+ char **vector = NULL;
+- int vector_size = 0;
+- int nfiles = 0;
++ unsigned int vector_size = 0;
++ unsigned int nfiles = 0;
+
+ if (!namelist) {
+ return FAILURE;
+@@ -2100,9 +2100,14 @@
+ if (vector_size == 0) {
+ vector_size = 10;
+ } else {
++ if(vector_size*2 < vector_size) {
++ /* overflow */
++ efree(vector);
++ return FAILURE;
++ }
+ vector_size *= 2;
+ }
+- vector = (char **) erealloc(vector, vector_size * sizeof(char *));
++ vector = (char **) safe_erealloc(vector, vector_size, sizeof(char *), 0);
+ }
+
+ vector[nfiles] = estrdup(sdp.d_name);
+
+
+From
+http://git.php.net/?p=php-src.git;a=commitdiff;h=055ecbc62878e86287d742c7246c21606cee8183
+Improve check for :memory: pseudo-filename in SQlite
+php5.2 doesn't have sqlite3 so apply fix to sqlite.
+
+--- php-5.2.17/ext/pdo_sqlite/sqlite_driver.c_orig 2010-06-20 07:12:06.000000000 -0700
++++ php-5.2.17/ext/pdo_sqlite/sqlite_driver.c 2013-06-10 10:28:40.178224391 -0700
+@@ -642,7 +642,7 @@
+
+ static char *make_filename_safe(const char *filename TSRMLS_DC)
+ {
+- if (*filename && strncmp(filename, ":memory:", sizeof(":memory:")-1)) {
++ if (*filename && memcmp(filename, ":memory:", sizeof(":memory:"))) {
+ char *fullpath = expand_filepath(filename, NULL TSRMLS_CC);
+
+ if (!fullpath) {
+--- php-5.2.17/ext/sqlite/sqlite.c_orig 2010-04-28 05:10:10.000000000 -0700
++++ php-5.2.17/ext/sqlite/sqlite.c 2013-06-10 11:08:25.397573242 -0700
+@@ -747,7 +747,7 @@
+ return SQLITE_OK;
+ #ifdef SQLITE_ATTACH
+ case SQLITE_ATTACH:
+- if (strncmp(arg3, ":memory:", sizeof(":memory:") - 1)) {
++ if (memcmp(arg3, ":memory:", sizeof(":memory:"))) {
+ TSRMLS_FETCH();
+ if (PG(safe_mode) && (!php_checkuid(arg3, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ return SQLITE_DENY;
+@@ -1230,7 +1230,7 @@
+ ZVAL_NULL(errmsg);
+ }
+
+- if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
++ if (memcmp(filename, ":memory:", sizeof(":memory:")) != 0) {
+ /* resolve the fully-qualified path name to use as the hash key */
+ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+ RETURN_FALSE;
+@@ -1306,7 +1306,7 @@
+ ZVAL_NULL(errmsg);
+ }
+
+- if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
++ if (memcmp(filename, ":memory:", sizeof(":memory:")) != 0) {
+ /* resolve the fully-qualified path name to use as the hash key */
+ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+ php_std_error_handling();
+@@ -1358,7 +1358,7 @@
+ ZVAL_NULL(errmsg);
+ }
+
+- if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
++ if (memcmp(filename, ":memory:", sizeof(":memory:")) != 0) {
+ /* resolve the fully-qualified path name to use as the hash key */
+ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+ php_std_error_handling();
diff -r 7056ed228625
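Review bot: The new `memcmp(filename, ":memory:", sizeof(":memory:"))` calls in sqlite_driver.c and sqlite.c pass a length of nine bytes whatever the length of the string, so for a name shorter than eight characters the call is allowed to read past the terminator. Including the terminator is what turns the old prefix match into an exact match, and `strcmp` gives the same result without the fixed length: `if (strcmp(filename, ":memory:") != 0) {` (and `strcmp(arg3, ":memory:")` in the `SQLITE_ATTACH` case). The five call sites also differ in whether they spell out `!= 0`; one form throughout would read better. Separately, the overflow branch added in streams.c frees `vector` but not the `estrdup`'d names already stored in it, so that error path leaks them; the enclosing function is outside the hunk, so what else it holds at that point cannot be seen here.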
-r c26ca4f9158b usr/src/cmd/php5/patches/16_php_openssl_tests.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/php5/patches/16_php_openssl_tests.patch Sun Sep 01 18:44:44 2013 +0100
@@ -0,0 +1,14 @@
+This test now causing an infinite loop.
+Produced fix by comparing to the php 5.3.26 version of the test.
+
+--- php-5.2.17/ext/openssl/tests/bug48182.phpt_orig 2009-09-22 03:15:10.000000000 -0700
++++ php-5.2.17/ext/openssl/tests/bug48182.phpt 2013-06-20 14:16:39.947981967 -0700
+@@ -51,7 +51,7 @@
+ $socket = stream_socket_client($host, $errno, $errstr, 10, $flags);
+ stream_set_blocking($socket, 0);
+
+- while ($data) {
++ while ($socket && $data) {
+ $wrote = fwrite($socket, $data, strlen($data));
+ $data = substr($data, $wrote);
+ }
diff -r 7056ed228625 -r c26ca4f9158b usr/src/cmd/php5/patches/17_php_17026033.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/php5/patches/17_php_17026033.patch Sun Sep 01 18:44:44 2013 +0100
@@ -0,0 +1,54 @@ +From +http://git.php.net/?p=php-src.git;a=commitdiff;h=4828f7343b3f31d914f4d4a5545865b8a19f7fb6 +Integer overflow in SndToJewish leads to php hang +and +http://git.php.net/?p=php-src.git;a=commitdiff;h=c50cef1dc54ffd1d0fb71d1afb8b2c3cb3c5b6ef +Fixed bug #64895 Integer overflow in SndToJewish + +CVE-2013-2110 - use correct formula to calculate string size +does NOT apply because no such function to patch. + +--- php-5.2.17/ext/calendar/jewish.c_orig 2003-03-22 17:44:58.000000000 -0800 ++++ php-5.2.17/ext/calendar/jewish.c 2013-07-01 15:33:18.280118195 -0700 +@@ -272,6 +272,7 @@ + #define HALAKIM_PER_METONIC_CYCLE (HALAKIM_PER_LUNAR_CYCLE * (12 * 19 + 7)) + + #define JEWISH_SDN_OFFSET 347997 ++#define JEWISH_SDN_MAX 324542846L /* 12/13/887605, greater value raises interger overflow */ + #define NEW_MOON_OF_CREATION 31524 + + #define SUNDAY 0 +@@ -519,7 +520,7 @@ + int tishri1After; + int yearLength; + +- if (sdn <= JEWISH_SDN_OFFSET) { ++ if (sdn <= JEWISH_SDN_OFFSET || sdn > JEWISH_SDN_MAX) { + *pYear = 0; + *pMonth = 0; + *pDay = 0; + + +--- php-5.2.17/ext/calendar/tests/jdtojewish64.phpt_orig 2013-07-01 15:41:34.918645609 -0700 ++++ php-5.2.17/ext/calendar/tests/jdtojewish64.phpt 2013-07-01 15:37:34.054921308 -0700 +@@ -0,0 +1,19 @@ ++--TEST-- ++Bug #64895: Integer overflow in SndToJewish ++--SKIPIF-- ++ ++--FILE-- ++ltags) { + int inx; +- for (inx = 0; inx < parser->level; inx++) ++ for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); inx++) + efree(parser->ltags[ inx ]); + efree(parser->ltags); + } +@@ -800,45 +800,50 @@ + } + + if (parser->data) { +- zval *tag, *atr; +- int atcnt = 0; ++ if (parser->level <= XML_MAXLEVEL) { ++ zval *tag, *atr; ++ int atcnt = 0; + +- MAKE_STD_ZVAL(tag); +- MAKE_STD_ZVAL(atr); ++ MAKE_STD_ZVAL(tag); ++ MAKE_STD_ZVAL(atr); + +- array_init(tag); +- array_init(atr); ++ array_init(tag); ++ array_init(atr); + +- _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); ++ 
_xml_add_to_info(parser,((char *) tag_name) + parser->toffset); + +- add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ +- add_assoc_string(tag,"type","open",1); +- add_assoc_long(tag,"level",parser->level); ++ add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ ++ add_assoc_string(tag,"type","open",1); ++ add_assoc_long(tag,"level",parser->level); + +- parser->ltags[parser->level-1] = estrdup(tag_name); +- parser->lastwasopen = 1; ++ parser->ltags[parser->level-1] = estrdup(tag_name); ++ parser->lastwasopen = 1; + +- attributes = (const XML_Char **) attrs; ++ attributes = (const XML_Char **) attrs; + +- while (attributes && *attributes) { +- att = _xml_decode_tag(parser, attributes[0]); +- val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); +- +- add_assoc_stringl(atr,att,val,val_len,0); ++ while (attributes && *attributes) { ++ att = _xml_decode_tag(parser, attributes[0]); ++ val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); + +- atcnt++; +- attributes += 2; ++ add_assoc_stringl(atr,att,val,val_len,0); + +- efree(att); +- } ++ atcnt++; ++ attributes += 2; + +- if (atcnt) { +- zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); +- } else { +- zval_ptr_dtor(&atr); +- } ++ efree(att); ++ } ++ ++ if (atcnt) { ++ zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); ++ } else { ++ zval_ptr_dtor(&atr); ++ } + +- zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); ++ zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); ++ } else if (parser->level == (XML_MAXLEVEL + 1)) { ++ TSRMLS_FETCH(); ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); ++ } + } + + efree(tag_name); +@@ -890,7 
+895,7 @@ + + efree(tag_name); + +- if (parser->ltags) { ++ if ((parser->ltags) && (parser->level <= XML_MAXLEVEL)) { + efree(parser->ltags[parser->level-1]); + } + +@@ -974,18 +979,23 @@ + } + } + +- MAKE_STD_ZVAL(tag); +- +- array_init(tag); +- +- _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); ++ if (parser->level <= XML_MAXLEVEL) { ++ MAKE_STD_ZVAL(tag); + +- add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); +- add_assoc_string(tag,"value",decoded_value,0); +- add_assoc_string(tag,"type","cdata",1); +- add_assoc_long(tag,"level",parser->level); ++ array_init(tag); + +- zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); ++ _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); ++ ++ add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); ++ add_assoc_string(tag,"value",decoded_value,0); ++ add_assoc_string(tag,"type","cdata",1); ++ add_assoc_long(tag,"level",parser->level); ++ ++ zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); ++ } else if (parser->level == (XML_MAXLEVEL + 1)) { ++ TSRMLS_FETCH(); ++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); ++ } + } + } else { + efree(decoded_value);