diff options
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | ext/tidy/tests/bug54682.phpt | 2 | ||||
| -rw-r--r-- | ext/tidy/tidy.c | 8 |
3 files changed, 10 insertions, 3 deletions
@@ -5,6 +5,9 @@ PHP NEWS . Fixed bug #60860 (session.save_handler=user without defined function core dumps). (Felipe) +- Tidy: + . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria Parra) + - Core: . Fixed bug #60227 (header() cannot detect the multi-line header with CR). (rui, Gustavo) diff --git a/ext/tidy/tests/bug54682.phpt b/ext/tidy/tests/bug54682.phpt index 99f40cf9d2..824440672a 100644 --- a/ext/tidy/tests/bug54682.phpt +++ b/ext/tidy/tests/bug54682.phpt @@ -10,4 +10,4 @@ $nx->diagnose(); ?> --EXPECTF-- -Warning: tidy::__construct(): Cannot Load '*' into memory in %s on line %d +Warning: tidy::__construct(): Cannot Load '*' into memory in %s on line %d diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c index 88f40badc2..619d5a3a6a 100644 --- a/ext/tidy/tidy.c +++ b/ext/tidy/tidy.c @@ -190,6 +190,7 @@ struct _PHPTidyDoc { TidyDoc doc; TidyBuffer *errbuf; unsigned int ref_count; + unsigned int initialized:1; }; struct _PHPTidyObj { @@ -701,6 +702,7 @@ static void tidy_object_new(zend_class_entry *class_type, zend_object_handlers * intern->ptdoc = emalloc(sizeof(PHPTidyDoc)); intern->ptdoc->doc = tidyCreate(); intern->ptdoc->ref_count = 1; + intern->ptdoc->initialized = 0; intern->ptdoc->errbuf = emalloc(sizeof(TidyBuffer)); tidyBufInit(intern->ptdoc->errbuf); @@ -1040,7 +1042,9 @@ static int php_tidy_parse_string(PHPTidyObj *obj, char *string, int len, char *e return FAILURE; } } - + + obj->ptdoc->initialized = 1; + tidyBufInit(&buf); tidyBufAppend(&buf, string, len); if (tidyParseBuffer(obj->ptdoc->doc, &buf) < 0) { @@ -1288,7 +1292,7 @@ static PHP_FUNCTION(tidy_diagnose) { TIDY_FETCH_OBJECT; - if (tidyRunDiagnostics(obj->ptdoc->doc) >= 0) { + if (obj->ptdoc->initialized && tidyRunDiagnostics(obj->ptdoc->doc) >= 0) { tidy_doc_update_properties(obj TSRMLS_CC); RETURN_TRUE; } |