[ruby/cgi] Fix unescapeHTML

https://github.com/ruby/cgi/commit/67610e6ca8
author: flosacca <flosacca@gmail.com> 2023-11-23 01:49:42 +0800
committer: git <svn-admin@ruby-lang.org> 2023-11-30 08:19:28 +0000
commit: 30e477802094e1c47fb5946b79aeeebb3b3ebec5 (patch)
tree: 190a71f0c5d8960819dbdaf2c9c3a56ba7f3cb9c /ext/cgi/escape
parent: 0daa0589a9b714201a9460fef1bcf5260bc3c6ae (diff)
1 files changed, 26 insertions, 7 deletions
diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c
index 17a134aa1a..495ad83aa3 100644
--- a/ext/cgi/escape/escape.c
+++ b/ext/cgi/escape/escape.c
@@ -83,7 +83,7 @@ optimized_unescape_html(VALUE str)
     unsigned long charlimit = (strcasecmp(rb_enc_name(enc), "UTF-8") == 0 ? UNICODE_MAX :
                                strcasecmp(rb_enc_name(enc), "ISO-8859-1") == 0 ? 256 :
                                128);
-    long i, len, beg = 0;
+    long i, j, len, beg = 0;
     size_t clen, plen;
     int overflow;
     const char *cstr;
@@ -100,6 +100,7 @@ optimized_unescape_html(VALUE str)
         plen = i - beg;
         if (++i >= len) break;
         c = (unsigned char)cstr[i];
+        j = i;
 #define MATCH(s) (len - i >= (int)rb_strlen_lit(s) && \
                   memcmp(&cstr[i], s, rb_strlen_lit(s)) == 0 && \
                   (i += rb_strlen_lit(s) - 1, 1))
@@ -112,28 +113,40 @@ optimized_unescape_html(VALUE str)
             else if (MATCH("mp;")) {
                 c = '&';
             }
-            else continue;
+            else {
+                i = j;
+                continue;
+            }
             break;
           case 'q':
             ++i;
             if (MATCH("uot;")) {
                 c = '"';
             }
-            else continue;
+            else {
+                i = j;
+                continue;
+            }
             break;
           case 'g':
             ++i;
             if (MATCH("t;")) {
                 c = '>';
             }
-            else continue;
+            else {
+                i = j;
+                continue;
+            }
             break;
           case 'l':
             ++i;
             if (MATCH("t;")) {
                 c = '<';
             }
-            else continue;
+            else {
+                i = j;
+                continue;
+            }
             break;
           case '#':
             if (len - ++i >= 2 && ISDIGIT(cstr[i])) {
@@ -142,9 +155,15 @@ optimized_unescape_html(VALUE str)
             else if ((cstr[i] == 'x' || cstr[i] == 'X') && len - ++i >= 2 && ISXDIGIT(cstr[i])) {
                 cc = ruby_scan_digits(&cstr[i], len-i, 16, &clen, &overflow);
             }
-            else continue;
+            else {
+                i = j;
+                continue;
+            }
             i += clen;
-            if (overflow || cc >= charlimit || cstr[i] != ';') continue;
+            if (overflow || cc >= charlimit || cstr[i] != ';') {
+                i = j;
+                continue;
+            }
             if (!dest) {
                 dest = rb_str_buf_new(len);
             }
author	flosacca <flosacca@gmail.com>	2023-11-23 01:49:42 +0800
committer	git <svn-admin@ruby-lang.org>	2023-11-30 08:19:28 +0000
commit	30e477802094e1c47fb5946b79aeeebb3b3ebec5 (patch)
tree	190a71f0c5d8960819dbdaf2c9c3a56ba7f3cb9c /ext/cgi/escape
parent	0daa0589a9b714201a9460fef1bcf5260bc3c6ae (diff)