php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

tidy: Harden against tidyNodeGetText() failure

Browse Source 
Either the buffer size or the return value needs to be checked.
From a quick look into the tidy source code, this can't fail right now
for our use case in practice, but it might in the future.

Closes GH-20389.
This commit is contained in:
Niels Dossche
2025-11-04 20:41:23 +01:00
parent 51edaac9cf
commit 0584e59734
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ext/tidy/tidy.c
View File

@@ -553,8 +553,7 @@ static zend_result tidy_node_cast_handler(zend_object *in, zval *out, int type)
case IS_STRING:
obj = php_tidy_fetch_object(in);
tidyBufInit(&buf);
if (obj->ptdoc) {
tidyNodeGetText(obj->ptdoc->doc, obj->node, &buf);
if (obj->ptdoc && tidyNodeGetText(obj->ptdoc->doc, obj->node, &buf)) {
ZVAL_STRINGL(out, (char *) buf.bp, buf.size-1);
} else {
ZVAL_EMPTY_STRING(out);
@@ -611,7 +610,7 @@ static void tidy_add_node_default_properties(PHPTidyObj *obj)
char *name;
tidyBufInit(&buf);
tidyNodeGetText(obj->ptdoc->doc, obj->node, &buf);
(void) tidyNodeGetText(obj->ptdoc->doc, obj->node, &buf);
zend_update_property_stringl(
tidy_ce_node,