File php5-CVE-2020-7059.patch of Package php5.16740

X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fstandard%2Fstring.c;h=fb44cc505d9da857926b2a66d1405a9655aaefbc;hp=da51cd0966fc86db5cdccc8992faf0c86e232360;hb=0f79b1bf301f455967676b5129240140c5c45b09;hpb=f79c7742746907d676989cb7f97fb4f7cd26789f

Index: php-5.6.40/ext/standard/string.c
===================================================================
--- php-5.6.40.orig/ext/standard/string.c	2019-01-09 10:54:13.000000000 +0100
+++ php-5.6.40/ext/standard/string.c	2020-02-05 14:35:55.758370546 +0100
@@ -4770,7 +4770,7 @@ PHPAPI size_t php_strip_tags_ex(char *rb
 				if (state == 4) {
 					/* Inside <!-- comment --> */
 					break;
-				} else if (state == 2 && *(p-1) != '\\') {
+				} else if (state == 2 && p >= buf + 1 && *(p-1) != '\\') {
 					if (lc == c) {
 						lc = '\0';
 					} else if (lc != '\\') {
@@ -4797,7 +4797,7 @@ PHPAPI size_t php_strip_tags_ex(char *rb
 
 			case '!':
 				/* JavaScript & Other HTML scripting languages */
-				if (state == 1 && *(p-1) == '<') {
+				if (state == 1 && p >= buf + 1 && *(p-1) == '<') {
 					state = 3;
 					lc = c;
 				} else {
@@ -4824,7 +4824,7 @@ PHPAPI size_t php_strip_tags_ex(char *rb
 
 			case '?':
 
-				if (state == 1 && *(p-1) == '<') {
+				if (state == 1 && p >= buf + 1 && *(p-1) == '<') {
 					br=0;
 					state=2;
 					break;