php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59492 Simple HTML IMG and A tag causes Pecl to crash
Submitted: 2010-11-03 22:08 UTC Modified: 2010-11-05 18:07 UTC
From: netslayer007 at gmail dot com Assigned:
Status: Closed Package: tidy (PECL)
PHP Version: 5.2.8 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
9 + 19 = ?
Subscribe to this entry?

 
 [2010-11-03 22:08 UTC] netslayer007 at gmail dot com
Description:
------------
Segmentation Fault with a simple img and anchor tag "<img> <a></a>".

[Wed Nov 03 19:43:31 2010] [notice] child pid 5757 exit signal Segmentation fault (11)

Reproduce code:
---------------
<?php  tidy_repair_string("<img> <a></a>", null); ?>

Expected result:
----------------
It doesnt crash

Actual result:
--------------
Seg Fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-04 16:03 UTC] netslayer007 at gmail dot com
Tags with spaces is causing a seg fault:
"<a> <b>" = Seg Fault
"<i> <b>" = Seg Fault
"<i> <img>" = Seg Fault

Tags next to each other without spaces are fine:
"<a><a>" = OK
"<a><b>" = OK
"<b><a>" = OK
"<a><i>" = OK
"<i><b>" = OK
"<i><img>" = OK
"<a><img>" = OK

Some tags with spaces work fine:
"<i> <i>" = OK

Original string I found this bug in:
<img src="http://" style="margin-right: 3px; display: inline; vertical-align: middle;" height="20" width="20"> <a href="/services/alerts/">Text</a>
 [2010-11-04 19:26 UTC] netslayer007 at gmail dot com
Here's the end of the stack dump

Reading symbols from /home/c/cvs/cf/ext/lib/php/extensions/tidy.so...done.
Loaded symbols for /home/c/cvs/cf/ext/lib/php/extensions/tidy.so
Reading symbols from /home/c/cvs/cf/ext/lib/libtidy-0.99.so.0...done.
Loaded symbols for /home/c/cvs/cf/ext/lib/libtidy-0.99.so.0
Reading symbols from /lib64/libnss_files.so.2...done.
Loaded symbols for /lib64/libnss_files.so.2
#0  0x0000002a9c89fc9c in TextEndsWithNewline () from /home/c/cvs/cf/ext/lib/libtidy-0.99.so.0
 [2010-11-04 19:32 UTC] netslayer007 at gmail dot com
Adding duplicate bug reported w/ patch (Subject: [ tidy-Bugs-1694875 ] Accessing offset -1 of the
buffer in TextEndsWithNewline - msg#00038
List: web.html-tidy.tracker)

http://osdir.com/ml/web.html-tidy.tracker/2007-04/msg00038.html
 [2010-11-05 18:07 UTC] netslayer007 at gmail dot com
This was was no longer reproducible once I updated to the latest CVS libtidy from sourceforge so I'm going to close it. Anyone else who cannot upgrade can try the patch attached to the bug report URL that is in the comments.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sun May 22 15:03:34 2022 UTC