From 2f3be4069177a9a93c490f94c5b665268c61e2e8 Mon Sep 17 00:00:00 2001
From: pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Fri, 3 Sep 2010 03:09:51 +0000
Subject: [PATCH] Fixed system lock-ups caused by a combination of certain
 rare, malformed message headers and buggy versions of PHP mbstring (#3053349,
 987016)

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14056 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 doc/ChangeLog         |  2 ++
 functions/strings.php | 16 +++++++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/doc/ChangeLog b/doc/ChangeLog
index f2067c8e..7a6ca13e 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -4,6 +4,8 @@
 
 Version 1.5.2 - SVN
 -------------------
+  - Fixed system lock-ups caused by a combination of certain rare, malformed
+    message headers and buggy versions of PHP mbstring (#3053349, $2987016).
   - Fix broken set_url_var function in functions/html.php (#1729814).
   - Fix incorrect detection of auth mechanisms in conf.pl (#1727033).
   - The search expression in the LDAP backend of the Addressbook is now
diff --git a/functions/strings.php b/functions/strings.php
index 64ec8715..123fab84 100644
--- a/functions/strings.php
+++ b/functions/strings.php
@@ -1429,10 +1429,20 @@ function sm_truncate_string($string, $max_chars, $elipses='',
    if ($html_entities_as_chars)
    {
 
-      $entity_pos = -1;
-      while (($entity_pos = sq_strpos($string, '&', $entity_pos + 1)) !== FALSE
+      // $loop_count is needed to prevent an endless loop
+      // which is caused by buggy mbstring versions that
+      // return 0 (zero) instead of FALSE in some rare
+      // cases.  Thanks, PHP.
+      // see: http://bugs.php.net/bug.php?id=52731
+      // also: tracker $3053349
+      //
+      $loop_count = 0;
+      $entity_pos = $entity_end_pos = -1;
+      while ($entity_end_pos + 1 < $actual_strlen
+          && ($entity_pos = sq_strpos($string, '&', $entity_end_pos + 1)) !== FALSE
           && ($entity_end_pos = sq_strpos($string, ';', $entity_pos)) !== FALSE
-          && $entity_pos <= $adjusted_max_chars)
+          && $entity_pos <= $adjusted_max_chars
+          && $loop_count++ < $max_chars)
       {
          $adjusted_max_chars += $entity_end_pos - $entity_pos;
       }
-- 
2.25.1