Permalink
Browse files

fix bug #54682 (tidy null pointer dereference)

  • Loading branch information...
1 parent b0678ea commit ce1a1f5f491ea149e0e67f07993a5ce374415238 @tony2001 tony2001 committed Feb 7, 2012
Showing with 10 additions and 3 deletions.
  1. +3 −0 NEWS
  2. +1 −1 ext/tidy/tests/bug54682.phpt
  3. +6 −2 ext/tidy/tidy.c
View
3 NEWS
@@ -5,6 +5,9 @@ PHP NEWS
. Fixed bug #60860 (session.save_handler=user without defined function core
dumps). (Felipe)
+- Tidy:
+ . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria Parra)
+
- Core:
. Fixed bug #60227 (header() cannot detect the multi-line header with CR).
(rui, Gustavo)
@@ -10,4 +10,4 @@ $nx->diagnose();
?>
--EXPECTF--
-Warning: tidy::__construct(): Cannot Load '*' into memory in %s on line %d
+Warning: tidy::__construct(): Cannot Load '*' into memory in %s on line %d
View
@@ -190,6 +190,7 @@ struct _PHPTidyDoc {
TidyDoc doc;
TidyBuffer *errbuf;
unsigned int ref_count;
+ unsigned int initialized:1;
};
struct _PHPTidyObj {
@@ -701,6 +702,7 @@ static void tidy_object_new(zend_class_entry *class_type, zend_object_handlers *
intern->ptdoc = emalloc(sizeof(PHPTidyDoc));
intern->ptdoc->doc = tidyCreate();
intern->ptdoc->ref_count = 1;
+ intern->ptdoc->initialized = 0;
intern->ptdoc->errbuf = emalloc(sizeof(TidyBuffer));
tidyBufInit(intern->ptdoc->errbuf);
@@ -1040,7 +1042,9 @@ static int php_tidy_parse_string(PHPTidyObj *obj, char *string, int len, char *e
return FAILURE;
}
}
-
+
+ obj->ptdoc->initialized = 1;
+
tidyBufInit(&buf);
tidyBufAppend(&buf, string, len);
if (tidyParseBuffer(obj->ptdoc->doc, &buf) < 0) {
@@ -1288,7 +1292,7 @@ static PHP_FUNCTION(tidy_diagnose)
{
TIDY_FETCH_OBJECT;
- if (tidyRunDiagnostics(obj->ptdoc->doc) >= 0) {
+ if (obj->ptdoc->initialized && tidyRunDiagnostics(obj->ptdoc->doc) >= 0) {
tidy_doc_update_properties(obj TSRMLS_CC);
RETURN_TRUE;
}

0 comments on commit ce1a1f5

Please sign in to comment.