|
1 From |
|
2 http://git.php.net/?p=php-src.git;a=commitdiff;h=7d163e8a0880ae8af2dd869071393e5dc07ef271 |
|
3 truncate results at depth of 255 to prevent corruption |
|
4 |
|
5 --- php-5.2.17/ext/xml/xml.c_orig 2010-11-03 07:18:28.000000000 -0700 |
|
6 +++ php-5.2.17/ext/xml/xml.c 2013-07-12 08:31:01.397237583 -0700 |
|
7 @@ -322,7 +322,7 @@ |
|
8 } |
|
9 if (parser->ltags) { |
|
10 int inx; |
|
11 - for (inx = 0; inx < parser->level; inx++) |
|
12 + for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); inx++) |
|
13 efree(parser->ltags[ inx ]); |
|
14 efree(parser->ltags); |
|
15 } |
|
16 @@ -800,45 +800,50 @@ |
|
17 } |
|
18 |
|
19 if (parser->data) { |
|
20 - zval *tag, *atr; |
|
21 - int atcnt = 0; |
|
22 + if (parser->level <= XML_MAXLEVEL) { |
|
23 + zval *tag, *atr; |
|
24 + int atcnt = 0; |
|
25 |
|
26 - MAKE_STD_ZVAL(tag); |
|
27 - MAKE_STD_ZVAL(atr); |
|
28 + MAKE_STD_ZVAL(tag); |
|
29 + MAKE_STD_ZVAL(atr); |
|
30 |
|
31 - array_init(tag); |
|
32 - array_init(atr); |
|
33 + array_init(tag); |
|
34 + array_init(atr); |
|
35 |
|
36 - _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); |
|
37 + _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); |
|
38 |
|
39 - add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ |
|
40 - add_assoc_string(tag,"type","open",1); |
|
41 - add_assoc_long(tag,"level",parser->level); |
|
42 + add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ |
|
43 + add_assoc_string(tag,"type","open",1); |
|
44 + add_assoc_long(tag,"level",parser->level); |
|
45 |
|
46 - parser->ltags[parser->level-1] = estrdup(tag_name); |
|
47 - parser->lastwasopen = 1; |
|
48 + parser->ltags[parser->level-1] = estrdup(tag_name); |
|
49 + parser->lastwasopen = 1; |
|
50 |
|
51 - attributes = (const XML_Char **) attrs; |
|
52 + attributes = (const XML_Char **) attrs; |
|
53 |
|
54 - while (attributes && *attributes) { |
|
55 - att = _xml_decode_tag(parser, attributes[0]); |
|
56 - val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); |
|
57 - |
|
58 - add_assoc_stringl(atr,att,val,val_len,0); |
|
59 + while (attributes && *attributes) { |
|
60 + att = _xml_decode_tag(parser, attributes[0]); |
|
61 + val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); |
|
62 |
|
63 - atcnt++; |
|
64 - attributes += 2; |
|
65 + add_assoc_stringl(atr,att,val,val_len,0); |
|
66 |
|
67 - efree(att); |
|
68 - } |
|
69 + atcnt++; |
|
70 + attributes += 2; |
|
71 |
|
72 - if (atcnt) { |
|
73 - zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); |
|
74 - } else { |
|
75 - zval_ptr_dtor(&atr); |
|
76 - } |
|
77 + efree(att); |
|
78 + } |
|
79 + |
|
80 + if (atcnt) { |
|
81 + zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); |
|
82 + } else { |
|
83 + zval_ptr_dtor(&atr); |
|
84 + } |
|
85 |
|
86 - zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); |
|
87 + zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); |
|
88 + } else if (parser->level == (XML_MAXLEVEL + 1)) { |
|
89 + TSRMLS_FETCH(); |
|
90 + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); |
|
91 + } |
|
92 } |
|
93 |
|
94 efree(tag_name); |
|
95 @@ -890,7 +895,7 @@ |
|
96 |
|
97 efree(tag_name); |
|
98 |
|
99 - if (parser->ltags) { |
|
100 + if ((parser->ltags) && (parser->level <= XML_MAXLEVEL)) { |
|
101 efree(parser->ltags[parser->level-1]); |
|
102 } |
|
103 |
|
104 @@ -974,18 +979,23 @@ |
|
105 } |
|
106 } |
|
107 |
|
108 - MAKE_STD_ZVAL(tag); |
|
109 - |
|
110 - array_init(tag); |
|
111 - |
|
112 - _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); |
|
113 + if (parser->level <= XML_MAXLEVEL) { |
|
114 + MAKE_STD_ZVAL(tag); |
|
115 |
|
116 - add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); |
|
117 - add_assoc_string(tag,"value",decoded_value,0); |
|
118 - add_assoc_string(tag,"type","cdata",1); |
|
119 - add_assoc_long(tag,"level",parser->level); |
|
120 + array_init(tag); |
|
121 |
|
122 - zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); |
|
123 + _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); |
|
124 + |
|
125 + add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); |
|
126 + add_assoc_string(tag,"value",decoded_value,0); |
|
127 + add_assoc_string(tag,"type","cdata",1); |
|
128 + add_assoc_long(tag,"level",parser->level); |
|
129 + |
|
130 + zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); |
|
131 + } else if (parser->level == (XML_MAXLEVEL + 1)) { |
|
132 + TSRMLS_FETCH(); |
|
133 + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); |
|
134 + } |
|
135 } |
|
136 } else { |
|
137 efree(decoded_value); |