Edit report at https://bugs.php.net/bug.php?id=60965&edit=1
ID:                 60965
Updated by:         cataphr...@php.net
Reported by:        cataphr...@php.net
Summary:            Buffer overflow on htmlspecialchars/entities with $double=false
Status:             Critical
Type:               Bug
Package:            Reproducible crash
Operating System:   Any
PHP Version:        5.4SVN-2012-02-03 (SVN)
Assigned To:        cataphract
Block user comment: N
Private report:     N

New Comment:

Yes, it is trunk/5.4 only.

Previous Comments:
------------------------------------------------------------------------
[2012-02-03 17:03:40] ras...@php.net

This is 5.4-only?

------------------------------------------------------------------------
[2012-02-03 10:48:29] cataphr...@php.net

Description:
------------
Long entities can cause a buffer overflow because the loop only guarantees 40 bytes available in the beginning.

Test script:
---------------
<?php

echo htmlspecialchars('"""""""""""""""""""""""""""""""""""""""""""""', ENT_QUOTES, 'UTF-8', false), "\n";

------------------------------------------------------------------------
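
The failure mode named in the description, as an added example that is not PHP's source and not part of the original report: a simplified model of an output loop that guarantees 40 free bytes at the top of each iteration and then copies an existing entity through unchanged, beside the same loop with a per-copy length check. The function name, the recheck flag, the starting capacity, the 128-byte growth step and the sample input are assumptions made for illustration; the flawed mode returns NULL at the point where it would overrun instead of performing the write.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HEADROOM 40 /* free bytes guaranteed at the top of each iteration */

/* Copy `in`, passing each "&...;" run through in a single memcpy.
 * recheck=0 models the flawed loop and returns NULL at the point where it
 * would write past the buffer; recheck=1 grows the buffer to fit the run.
 * Hypothetical helper: name, start size and growth step are assumptions. */
char *copy_with_entities(const char *in, int recheck)
{
    size_t inlen = strlen(in), cap = HEADROOM + 8, len = 0, i = 0;
    char *out = malloc(cap), *tmp;

    if (!out) return NULL;
    while (i < inlen) {
        size_t run = 1; /* bytes emitted by this iteration */
        if (cap - len < HEADROOM) { /* the only check the flawed loop has */
            cap += 128;
            if (!(tmp = realloc(out, cap))) { free(out); return NULL; }
            out = tmp;
        }
        if (in[i] == '&') { /* existing entity: its length is unbounded */
            const char *semi = memchr(in + i, ';', inlen - i);
            if (semi) run = (size_t)(semi - (in + i)) + 1;
        }
        if (run + 1 > cap - len) { /* +1 keeps room for the final NUL */
            if (!recheck) { free(out); return NULL; } /* overrun point */
            cap = len + run + 128;
            if (!(tmp = realloc(out, cap))) { free(out); return NULL; }
            out = tmp;
        }
        memcpy(out + len, in + i, run);
        len += run;
        i += run;
    }
    out[len] = '\0';
    return out;
}

int main(void)
{
    /* constructed input: numeric entity padded with leading zeros */
    const char *s = "x&#00000000000000000000000000000000000000000000000000034;y";
    char *bad = copy_with_entities(s, 0), *ok = copy_with_entities(s, 1);
    printf("flawed: %s\nhardened: %s\n", bad ? bad : "(would overrun)", ok ? ok : "(oom)");
    free(bad); free(ok);
    return 0;
}
```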