Buffer overflow on htmlspecialchars/entities with $double=false
[2012-02-03 10:48 UTC] khalid at istartus dot com
Description:
------------
Long entities can cause a buffer overflow because the loop only guarantees 40 bytes available at the beginning.
Test script:
---------------
<?php
// Every '"' expands to "&quot;" (six bytes), so a run of quotes needs far more than the 40 bytes reserved up front.
echo htmlspecialchars('"""""""""""""""""""""""""""""""""""""""""""""',
ENT_QUOTES, 'UTF-8', false), "\n";
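The defect described in the report is a fixed headroom reserved once before the escaping loop. As an added illustration, not PHP's own code, here is a model escaper in C that instead sizes the output buffer from the worst-case expansion of every input byte and checks the write position on each iteration, so an arbitrarily long run of quotes cannot run past the end. It also honours a `double_encode` flag the way the report's `false` argument does: an `&` that already begins a well-formed entity is copied through unchanged. The helper `looks_like_entity` is a simplified stand-in for PHP's entity-table lookup and the function name `escape_html` is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Worst-case expansion of one input byte: '"' -> "&quot;" or '\'' -> "&#039;" (6 bytes). */
#define MAX_EXPANSION 6

/* Hypothetical simplified check (not PHP's entity table): does in[i..] start a
 * well-formed entity, i.e. '&', optional '#', one or more alphanumerics, ';'? */
static int looks_like_entity(const char *in, size_t len, size_t i) {
    if (in[i] != '&') return 0;
    size_t j = i + 1;
    if (j < len && in[j] == '#') j++;
    size_t start = j;
    while (j < len && isalnum((unsigned char)in[j])) j++;
    return j > start && j < len && in[j] == ';';
}

/* Escape the five HTML special characters. With double_encode == 0 an '&'
 * that already opens a well-formed entity is left alone (mirroring
 * htmlspecialchars(..., false)). The buffer is sized for the worst case up
 * front and the bound is re-checked on every write. Caller frees the result. */
char *escape_html(const char *in, size_t len, int double_encode) {
    size_t cap = len * MAX_EXPANSION + 1;
    char *out = malloc(cap);
    if (!out) return NULL;
    size_t pos = 0;
    for (size_t i = 0; i < len; i++) {
        char one[2] = { in[i], 0 };
        const char *rep;
        switch (in[i]) {
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&#039;"; break;
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '&':
                rep = (!double_encode && looks_like_entity(in, len, i)) ? "&" : "&amp;";
                break;
            default:   rep = one;      break;
        }
        size_t rlen = strlen(rep);
        /* Per-iteration bound check: the sizing above makes this unreachable,
         * but it is what a fixed 40-byte headroom lacked. */
        if (pos + rlen + 1 > cap) { free(out); return NULL; }
        memcpy(out + pos, rep, rlen);
        pos += rlen;
    }
    out[pos] = '\0';
    return out;
}

int main(void) {
    /* Constructed input: ten double quotes, in the spirit of the report's test script. */
    const char *sample = "\"\"\"\"\"\"\"\"\"\"";
    char *r = escape_html(sample, strlen(sample), 0);
    if (!r) return 1;
    printf("%s\n", r);
    free(r);
    return 0;
}
```

The key design point is that `cap` is derived from `len`, so the guarantee scales with the input rather than being a constant chosen before the loop.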
[2012-02-03 10:50 UTC] cataphract@php.net
-Status: Open +Status: Critical -Assigned To: +Assigned To: cataphract
[2012-02-27 09:56 UTC] khalid at istartus dot com
-: cataphract@php.net +: khalid at istartus dot com -Status: Closed +Status: Assigned
[2012-04-13 21:42 UTC] nikic@php.net
-Status: Assigned +Status: Closed