Skip to content

Commit 991da29

Browse files
author
Moriyoshi Koizumi
committed
Set fgetss() free from the length parameter
1 parent 503e49f commit 991da29

File tree

1 file changed

+26
-18
lines changed

1 file changed

+26
-18
lines changed

ext/standard/file.c

Lines changed: 26 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -1668,19 +1668,24 @@ PHPAPI PHP_FUNCTION(fgetc)
16681668
}
16691669
/* }}} */
16701670

1671-
/* {{{ proto string fgetss(resource fp, int length [, string allowable_tags])
1671+
/* {{{ proto string fgetss(resource fp [, int length, string allowable_tags])
16721672
Get a line from file pointer and strip HTML tags */
16731673
PHPAPI PHP_FUNCTION(fgetss)
16741674
{
1675-
zval **fd, **bytes, **allow=NULL;
1676-
int len;
1675+
zval **fd, **bytes = NULL, **allow=NULL;
1676+
size_t len = 0;
16771677
size_t actual_len, retval_len;
1678-
char *buf;
1678+
char *buf = NULL, *retval;
16791679
php_stream *stream;
16801680
char *allowed_tags=NULL;
16811681
int allowed_tags_len=0;
16821682

16831683
switch(ZEND_NUM_ARGS()) {
1684+
case 1:
1685+
if (zend_get_parameters_ex(1, &fd) == FAILURE) {
1686+
RETURN_FALSE;
1687+
}
1688+
break;
16841689
case 2:
16851690
if (zend_get_parameters_ex(2, &fd, &bytes) == FAILURE) {
16861691
RETURN_FALSE;
@@ -1702,26 +1707,29 @@ PHPAPI PHP_FUNCTION(fgetss)
17021707

17031708
php_stream_from_zval(stream, fd);
17041709

1705-
convert_to_long_ex(bytes);
1706-
len = Z_LVAL_PP(bytes);
1707-
if (len < 0) {
1708-
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter may not be negative");
1709-
RETURN_FALSE;
1710-
}
1710+
if (bytes != NULL) {
1711+
convert_to_long_ex(bytes);
1712+
if (Z_LVAL_PP(bytes) < 0) {
1713+
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter may not be negative");
1714+
RETURN_FALSE;
1715+
}
17111716

1712-
buf = emalloc(sizeof(char) * (len + 1));
1713-
/*needed because recv doesnt set null char at end*/
1714-
memset(buf, 0, len + 1);
1717+
len = (size_t) Z_LVAL_PP(bytes);
1718+
buf = emalloc(sizeof(char) * (len + 1));
1719+
/*needed because recv doesnt set null char at end*/
1720+
memset(buf, 0, len + 1);
1721+
}
17151722

1716-
if (php_stream_get_line(stream, buf, len, &actual_len) == NULL) {
1717-
efree(buf);
1723+
if ((retval = php_stream_get_line(stream, buf, len, &actual_len)) == NULL) {
1724+
if (buf != NULL) {
1725+
efree(buf);
1726+
}
17181727
RETURN_FALSE;
17191728
}
17201729

1721-
/* strlen() can be used here since we are doing it on the return of an fgets() anyway */
1722-
retval_len = php_strip_tags(buf, actual_len, &stream->fgetss_state, allowed_tags, allowed_tags_len);
1730+
retval_len = php_strip_tags(retval, actual_len, &stream->fgetss_state, allowed_tags, allowed_tags_len);
17231731

1724-
RETURN_STRINGL(buf, retval_len, 0);
1732+
RETURN_STRINGL(retval, retval_len, 0);
17251733
}
17261734
/* }}} */
17271735

0 commit comments

Comments
 (0)