Bug #59492 Simple HTML IMG and A tag causes Pecl to crash
Submitted: 2010-11-03 22:08 UTC Modified: 2010-11-05 18:07 UTC
From: netslayer007 at gmail dot com Assigned:
Status: Closed Package: tidy (PECL)
PHP Version: 5.2.8 OS:
Private report: No CVE-ID: None

 [2010-11-03 22:08 UTC] netslayer007 at gmail dot com
Description:
------------
Segmentation Fault with a simple img and anchor tag "<img> <a></a>".

[Wed Nov 03 19:43:31 2010] [notice] child pid 5757 exit signal Segmentation fault (11)

Reproduce code:
---------------
<?php  tidy_repair_string("<img> <a></a>", null); ?>

Expected result:
----------------
It doesn't crash

Actual result:
--------------
Seg Fault

 [2010-11-04 16:03 UTC] netslayer007 at gmail dot com
Tags with spaces are causing a seg fault:
"<a> <b>" = Seg Fault
"<i> <b>" = Seg Fault
"<i> <img>" = Seg Fault

Tags next to each other without spaces are fine:
"<a><a>" = OK
"<a><b>" = OK
"<b><a>" = OK
"<a><i>" = OK
"<i><b>" = OK
"<i><img>" = OK
"<a><img>" = OK

Some tags with spaces work fine:
"<i> <i>" = OK

Original string I found this bug in:
<img src="http://" style="margin-right: 3px; display: inline; vertical-align: middle;" height="20" width="20"> <a href="/services/alerts/">Text</a>
 [2010-11-04 19:26 UTC] netslayer007 at gmail dot com
Here's the end of the stack dump

Reading symbols from /home/c/cvs/cf/ext/lib/php/extensions/tidy.so...done.
Loaded symbols for /home/c/cvs/cf/ext/lib/php/extensions/tidy.so
Reading symbols from /home/c/cvs/cf/ext/lib/libtidy-0.99.so.0...done.
Loaded symbols for /home/c/cvs/cf/ext/lib/libtidy-0.99.so.0
Reading symbols from /lib64/libnss_files.so.2...done.
Loaded symbols for /lib64/libnss_files.so.2
#0  0x0000002a9c89fc9c in TextEndsWithNewline () from /home/c/cvs/cf/ext/lib/libtidy-0.99.so.0
 [2010-11-04 19:32 UTC] netslayer007 at gmail dot com
Adding duplicate bug reported w/ patch (Subject: [ tidy-Bugs-1694875 ] Accessing offset -1 of the
buffer in TextEndsWithNewline - msg#00038
List: web.html-tidy.tracker)

http://osdir.com/ml/web.html-tidy.tracker/2007-04/msg00038.html
 [2010-11-05 18:07 UTC] netslayer007 at gmail dot com
This was no longer reproducible once I updated to the latest CVS libtidy from sourceforge so I'm going to close it. Anyone else who cannot upgrade can try the patch attached to the bug report URL that is in the comments.
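
Added example, not part of the original report and not libtidy's code: the linked tracker entry is titled "Accessing offset -1 of the buffer in TextEndsWithNewline", and the C below shows a backward scan for a trailing newline that is bounded by the start of the text. The helper name, the GUARDED sample and the assumption that the fault is a backward whitespace scan running past the start of a whitespace-only text span are ours.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: a one-space text span preceded by a '\n' that belongs
 * to whatever came before it in the same buffer. */
static const char GUARDED[] = "\n ";

/* Hypothetical helper (not libtidy's TextEndsWithNewline): does the text in
 * buf[start, end) end with '\n' once trailing ' ', '\t' and '\r' are skipped?
 * Returns how many characters follow that newline, or -1 if there is none. */
static int ends_with_newline(const char *buf, size_t start, size_t end)
{
    size_t ix = end; /* one past the character being inspected */

    /* Test ix against start before stepping back, so a whitespace-only span
     * can never read buf[start - 1] or wrap an unsigned index below zero. */
    while (ix > start) {
        char ch = buf[ix - 1];
        if (ch == '\n')
            return (int)(end - ix);
        if (ch != ' ' && ch != '\t' && ch != '\r')
            return -1;
        --ix;
    }
    return -1; /* empty or whitespace-only span */
}

int main(void)
{
    /* Span is GUARDED[1..2): only the space. A scan that ran one byte too far
     * back would see the '\n' at GUARDED[0] and report a newline. */
    printf("space only      : %d\n", ends_with_newline(GUARDED + 1, 0, 1));
    printf("\"abc\\n \\t\"       : %d\n", ends_with_newline("abc\n \t", 0, 6));
    printf("\"abc\"           : %d\n", ends_with_newline("abc", 0, 3));
    printf("empty span      : %d\n", ends_with_newline("", 0, 0));
    return 0;
}
```
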
 