author | Stanislav Malyshev <stas@php.net> | 2020-01-20 22:22:02 -0800 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2020-01-20 22:46:29 -0800 |
commit | 25ec7eb3463f34a2be666c6785d1c6b3cc89575e (patch) | |
tree | fa292e6176eae262eac6dac4a91005e0f318765e /ext/standard/string.c | |
parent | 07bda97e765407bac9c37c9d4feb6aebb23434bd (diff) | |
parent | 5c90f8eb66cc8ad0e9377dcf46ad2252924dfb29 (diff) | |
download | php-git-25ec7eb3463f34a2be666c6785d1c6b3cc89575e.tar.gz |
Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
Update NEWS
Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
Fix #79099: OOB read in php_strip_tags_ex
Fix #79091: heap use-after-free in session_create_id()
Diffstat (limited to 'ext/standard/string.c')
-rw-r--r-- | ext/standard/string.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ext/standard/string.c b/ext/standard/string.c
index 39063484df..0fe8796a03 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -5164,7 +5164,7 @@ state_1:
 }
 lc = '>';
- if (is_xml && *(p -1) == '-') {
+ if (is_xml && p >= buf + 1 && *(p -1) == '-') {
 break;
 }
 in_q = state = is_xml = 0;
@@ -5196,7 +5196,7 @@ state_1:
 goto reg_char_1;
 case '!':
 /* JavaScript & Other HTML scripting languages */
- if (*(p-1) == '<') {
+ if (p >= buf + 1 && *(p-1) == '<') {
 state = 3;
 lc = c;
 p++;
@@ -5206,7 +5206,7 @@ state_1:
 }
 break;
 case '?':
- if (*(p-1) == '<') {
+ if (p >= buf + 1 && *(p-1) == '<') {
 br=0;
 state = 2;
 p++; |
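Review bot: The three new guards (`p >= buf + 1` before each `*(p-1)` in the `'>'`, `'!'` and `'?'` cases under `state_1`) stop the out-of-bounds read, but nothing records why `p` can equal `buf` while already inside a tag, or what skipping the comparison means for the result. When `p == buf` the previous byte is treated as not matching, so a `<!` or `<?` pair whose first byte is not in this buffer is not taken as the start of state 3 or 2; if that position is reached by resuming with saved state on a fresh buffer (not visible in these hunks), it deserves a comment such as `/* p == buf: no previous byte in this buffer, treat as no match */` at each site. `p > buf` would state the same condition more directly. The enclosing function starts and ends outside the hunks, so any other `*(p-1)` or `*(p-2)` reads in it should be checked for the same guard.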