diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2020-01-29 16:40:13 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-01-30 10:07:01 +0100 |
commit | 9aadcb18e1d6c7f7736a00e246e193671353d741 (patch) | |
tree | 71b1119c40e7c91e68e8eca38e4e5c5f13116274 | |
parent | acc616c455c007857e6aeb006e3e9aa63565c461 (diff) | |
download | php-git-9aadcb18e1d6c7f7736a00e246e193671353d741.tar.gz |
Restore digit check in mb_decode_numericentity()
I replaced it with a multiplication overflow check in
18599f9c52959b2e8cbfac57e278644499a3547d. However, we need both,
because the code for restoring the number can't handle numbers
with many leading zeros right now and I don't feel like teaching it.
-rw-r--r-- | ext/mbstring/libmbfl/mbfl/mbfilter.c | 2 | ||||
-rw-r--r-- | ext/mbstring/tests/mb_decode_numericentity.phpt | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/ext/mbstring/libmbfl/mbfl/mbfilter.c b/ext/mbstring/libmbfl/mbfl/mbfilter.c index cec6daad94..544eae9121 100644 --- a/ext/mbstring/libmbfl/mbfl/mbfilter.c +++ b/ext/mbstring/libmbfl/mbfl/mbfilter.c @@ -2554,7 +2554,7 @@ collector_decode_htmlnumericentity(int c, void *data) f = 0; if (c >= 0x30 && c <= 0x39) { /* '0' - '9' */ s = pc->cache; - if (s > INT_MAX/10) { + if (pc->digit > 9 || s > INT_MAX/10) { pc->status = 0; f = 1; } else { diff --git a/ext/mbstring/tests/mb_decode_numericentity.phpt b/ext/mbstring/tests/mb_decode_numericentity.phpt index c728e2aa69..f70e26a43c 100644 --- a/ext/mbstring/tests/mb_decode_numericentity.phpt +++ b/ext/mbstring/tests/mb_decode_numericentity.phpt @@ -19,6 +19,7 @@ echo mb_decode_numericentity('�', $convmap), "\n"; echo mb_decode_numericentity('�', $convmap), "\n"; echo mb_decode_numericentity('�', $convmap), "\n"; echo mb_decode_numericentity('�', $convmap), "\n"; +echo mb_decode_numericentity('�', $convmap), "\n"; ?> --EXPECT-- @@ -29,3 +30,4 @@ aŒbœcŠdše€fg � � � +� |