php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59492 Simple HTML IMG and A tag causes Pecl to crash
Submitted: 2010-11-03 22:08 UTC Modified: 2010-11-05 18:07 UTC
From: netslayer007 at gmail dot com Assigned:
Status: Closed Package: tidy (PECL)
PHP Version: 5.2.8 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: netslayer007 at gmail dot com
New email:
PHP Version: OS:

 

 [2010-11-03 22:08 UTC] netslayer007 at gmail dot com
Description:
------------
Segmentation Fault with a simple img and anchor tag "<img> <a></a>".

[Wed Nov 03 19:43:31 2010] [notice] child pid 5757 exit signal Segmentation fault (11)

Reproduce code:
---------------
<?php  tidy_repair_string("<img> <a></a>", null); ?>

Expected result:
----------------
It doesnt crash

Actual result:
--------------
Seg Fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-04 16:03 UTC] netslayer007 at gmail dot com
Tags with spaces is causing a seg fault:
"<a> <b>" = Seg Fault
"<i> <b>" = Seg Fault
"<i> <img>" = Seg Fault

Tags next to each other without spaces are fine:
"<a><a>" = OK
"<a><b>" = OK
"<b><a>" = OK
"<a><i>" = OK
"<i><b>" = OK
"<i><img>" = OK
"<a><img>" = OK

Some tags with spaces work fine:
"<i> <i>" = OK

Original string I found this bug in:
<img src="http://" style="margin-right: 3px; display: inline; vertical-align: middle;" height="20" width="20"> <a href="/services/alerts/">Text</a>
 [2010-11-04 19:26 UTC] netslayer007 at gmail dot com
Here's the end of the stack dump

Reading symbols from /home/c/cvs/cf/ext/lib/php/extensions/tidy.so...done.
Loaded symbols for /home/c/cvs/cf/ext/lib/php/extensions/tidy.so
Reading symbols from /home/c/cvs/cf/ext/lib/libtidy-0.99.so.0...done.
Loaded symbols for /home/c/cvs/cf/ext/lib/libtidy-0.99.so.0
Reading symbols from /lib64/libnss_files.so.2...done.
Loaded symbols for /lib64/libnss_files.so.2
#0  0x0000002a9c89fc9c in TextEndsWithNewline () from /home/c/cvs/cf/ext/lib/libtidy-0.99.so.0
 [2010-11-04 19:32 UTC] netslayer007 at gmail dot com
Adding duplicate bug reported w/ patch (Subject: [ tidy-Bugs-1694875 ] Accessing offset -1 of the
buffer in TextEndsWithNewline - msg#00038
List: web.html-tidy.tracker)

http://osdir.com/ml/web.html-tidy.tracker/2007-04/msg00038.html
 [2010-11-05 18:07 UTC] netslayer007 at gmail dot com
This was was no longer reproducible once I updated to the latest CVS libtidy from sourceforge so I'm going to close it. Anyone else who cannot upgrade can try the patch attached to the bug report URL that is in the comments.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon Jan 24 01:04:10 2022 UTC