PHP :: Bug #59492 :: Simple HTML IMG and A tag causes Pecl to crash

Bug #59492	Simple HTML IMG and A tag causes Pecl to crash
Submitted:	2010-11-03 22:08 UTC	Modified:	2010-11-05 18:07 UTC
From:	netslayer007 at gmail dot com	Assigned:
Status:	Closed	Package:	tidy (PECL)
PHP Version:	5.2.8	OS:
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 38 + 1 = ?
Subscribe to this entry?

[2010-11-03 22:08 UTC] netslayer007 at gmail dot com

Description:
------------
Segmentation Fault with a simple img and anchor tag "<img> <a></a>".

[Wed Nov 03 19:43:31 2010] [notice] child pid 5757 exit signal Segmentation fault (11)

Reproduce code:
---------------
<?php  tidy_repair_string("<img> <a></a>", null); ?>

Expected result:
----------------
It doesnt crash

Actual result:
--------------
Seg Fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-11-04 16:03 UTC] netslayer007 at gmail dot com

Tags with spaces is causing a seg fault:
"<a> <b>" = Seg Fault
"<i> <b>" = Seg Fault
"<i> <img>" = Seg Fault

Tags next to each other without spaces are fine:
"<a><a>" = OK
"<a><b>" = OK
"<b><a>" = OK
"<a><i>" = OK
"<i><b>" = OK
"<i><img>" = OK
"<a><img>" = OK

Some tags with spaces work fine:
"<i> <i>" = OK

Original string I found this bug in:
<img src="http://" style="margin-right: 3px; display: inline; vertical-align: middle;" height="20" width="20"> <a href="/services/alerts/">Text</a>

[2010-11-04 19:26 UTC] netslayer007 at gmail dot com

Here's the end of the stack dump

Reading symbols from /home/c/cvs/cf/ext/lib/php/extensions/tidy.so...done.
Loaded symbols for /home/c/cvs/cf/ext/lib/php/extensions/tidy.so
Reading symbols from /home/c/cvs/cf/ext/lib/libtidy-0.99.so.0...done.
Loaded symbols for /home/c/cvs/cf/ext/lib/libtidy-0.99.so.0
Reading symbols from /lib64/libnss_files.so.2...done.
Loaded symbols for /lib64/libnss_files.so.2
#0  0x0000002a9c89fc9c in TextEndsWithNewline () from /home/c/cvs/cf/ext/lib/libtidy-0.99.so.0

[2010-11-04 19:32 UTC] netslayer007 at gmail dot com

Adding duplicate bug reported w/ patch (Subject: [ tidy-Bugs-1694875 ] Accessing offset -1 of the
buffer in TextEndsWithNewline - msg#00038
List: web.html-tidy.tracker)

http://osdir.com/ml/web.html-tidy.tracker/2007-04/msg00038.html

[2010-11-05 18:07 UTC] netslayer007 at gmail dot com

This was was no longer reproducible once I updated to the latest CVS libtidy from sourceforge so I'm going to close it. Anyone else who cannot upgrade can try the patch attached to the bug report URL that is in the comments.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 21:01:36 2024 UTC