Skip to content

Commit

Permalink
fix bug #54682 (tidy null pointer dereference)
Browse files Browse the repository at this point in the history
  • Loading branch information
@tony2001
tony2001 committed Feb 7, 2012
1 parent 73ccc0a commit 206f123
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions ext/tidy/tidy.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,7 @@ struct _PHPTidyDoc {
TidyDoc doc;
TidyBuffer *errbuf;
unsigned int ref_count;
unsigned int initialized:1;
};

struct _PHPTidyObj {
Expand Down Expand Up @@ -688,6 +689,7 @@ static void tidy_object_new(zend_class_entry *class_type, zend_object_handlers *
intern->ptdoc = emalloc(sizeof(PHPTidyDoc));
intern->ptdoc->doc = tidyCreate();
intern->ptdoc->ref_count = 1;
intern->ptdoc->initialized = 0;
intern->ptdoc->errbuf = emalloc(sizeof(TidyBuffer));
tidyBufInit(intern->ptdoc->errbuf);

Expand Down Expand Up @@ -1047,7 +1049,9 @@ static int php_tidy_parse_string(PHPTidyObj *obj, char *string, int len, char *e
return FAILURE;
}
}


obj->ptdoc->initialized = 1;

tidyBufInit(&buf);
tidyBufAttach(&buf, (byte *) string, len);
if (tidyParseBuffer(obj->ptdoc->doc, &buf) < 0) {
Expand Down Expand Up @@ -1336,7 +1340,7 @@ static PHP_FUNCTION(tidy_diagnose)
{
TIDY_FETCH_OBJECT;

if (tidyRunDiagnostics(obj->ptdoc->doc) >= 0) {
if (obj->ptdoc->initialized && tidyRunDiagnostics(obj->ptdoc->doc) >= 0) {
tidy_doc_update_properties(obj TSRMLS_CC);
RETURN_TRUE;
}
Expand Down

0 comments on commit 206f123

Please sign in to comment.