File php7-CVE-2020-7059.patch of Package php7.17826
X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fstandard%2Fstring.c;h=fb44cc505d9da857926b2a66d1405a9655aaefbc;hp=da51cd0966fc86db5cdccc8992faf0c86e232360;hb=0f79b1bf301f455967676b5129240140c5c45b09;hpb=f79c7742746907d676989cb7f97fb4f7cd26789f
diff --git a/ext/standard/string.c b/ext/standard/string.c
index da51cd0966f..fb44cc505d9 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -4866,7 +4866,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, uint8_t *stateptr, const
if (state == 4) {
/* Inside <!-- comment --> */
break;
- } else if (state == 2 && *(p-1) != '\\') {
+ } else if (state == 2 && p >= buf + 1 && *(p-1) != '\\') {
if (lc == c) {
lc = '\0';
} else if (lc != '\\') {
@@ -4893,7 +4893,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, uint8_t *stateptr, const
case '!':
/* JavaScript & Other HTML scripting languages */
- if (state == 1 && *(p-1) == '<') {
+ if (state == 1 && p >= buf + 1 && *(p-1) == '<') {
state = 3;
lc = c;
} else {
@@ -4920,7 +4920,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, uint8_t *stateptr, const
case '?':
- if (state == 1 && *(p-1) == '<') {
+ if (state == 1 && p >= buf + 1 && *(p-1) == '<') {
br=0;
state=2;
break;