ID:               38378
 Comment by:       sj at sjaensch dot org
 Reported By:      clemens at gutweiler dot net
 Status:           Open
 Bug Type:         WDDX related
 Operating System: Linux
 PHP Version:      4.4.3
 New Comment:

When replacing sprintf() with snprintf(), the length of the resulting
string was calculated wrongly. Patch follows:


--- php-4.4.3/ext/wddx/wddx.c   Fri May 26 03:55:26 2006
+++ php-4.4.3-fixed/ext/wddx/wddx.c     Mon Aug 21 16:30:44 2006
@@ -626,12 +626,13 @@
 {
        char *tmp_buf;
        char *name_esc;
-       int name_esc_len;
+       int name_esc_len, tmp_buf_len;

        if (name) {
                name_esc = php_escape_html_entities(name, name_len,
&name_esc_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
-               tmp_buf = emalloc(name_esc_len + 1);
-               snprintf(tmp_buf, name_esc_len, WDDX_VAR_S, name_esc);
+               tmp_buf_len = name_esc_len + strlen(WDDX_VAR_S);
+               tmp_buf = emalloc(tmp_buf_len+1);
+               snprintf(tmp_buf, tmp_buf_len, WDDX_VAR_S, name_esc);
                php_wddx_add_chunk(packet, tmp_buf);
                efree(tmp_buf);
                efree(name_esc);
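Review bot: the bound passed in `snprintf(tmp_buf, tmp_buf_len, WDDX_VAR_S, name_esc)` is one less than the buffer allocated by `emalloc(tmp_buf_len+1)`. The size argument of snprintf() includes the terminating NUL, so this call can write at most tmp_buf_len - 1 characters. The output is complete only because strlen(WDDX_VAR_S) also counts the format's conversion specifier, which does not appear in the result (assuming WDDX_VAR_S holds a single %s for name_esc, as the call suggests). Pass tmp_buf_len + 1, the real allocation size, so the bound does not rely on that slack. The removed lines produced the truncated `<var ` tags in the report precisely because snprintf() truncates silently, so it would also be worth comparing the return value against the buffer size before handing tmp_buf to php_wddx_add_chunk(). Minor: strlen() returns size_t and the sum is stored in an int; a short comment explaining why the format length is added would help the next reader.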


Previous Comments:
------------------------------------------------------------------------

[2006-08-17 13:06:20] hweidner at gmx dot net

The function wddx_serialize_vars seems also affected:

$array=array("aaa", "bbb", "ccc");
echo wddx_serialize_vars("array");

creates the broken XML code under PHP 4.4.3

<wddxPacket version='1.0'><header/><data><struct><var<array
length='3'><string>aaa</string><string>bbb</string><string>ccc</string></array></var></struct></data></wddxPacket>

------------------------------------------------------------------------

[2006-08-08 09:57:13] clemens at gutweiler dot net

Description:
------------
wddx_serialize_value generates an invalid wddx package/xml string.

In PHP version 4.4.2 the sample code works, in 4.4.3 not.

Reproduce code:
---------------
<?php
        $array = array(
                'index' => array(
                        1 => 'integer key',
                        'string' => 'string key'
                )
        );
        var_dump( wddx_serialize_value( $array ) );
?>


Expected result:
----------------
/web/cg/playground# /usr/local/php-4.4.2-fastcgi/bin/php 
wddx.php 

string(219) "<wddxPacket version='1.0'><header/
><data><struct><var name='index'><struct><var 
name='1'><string>integer key</string></var><var 
name='string'><string>string key</string></var></struct></
var></struct></data></wddxPacket>"


Actual result:
--------------
/web/cg/playground# /usr/local/php-4.4.3-fastcgi/bin/php 
wddx.php 

string(179) "<wddxPacket version='1.0'><header/
><data><struct><var <struct><string>integer key</string></
var><var n<string>string key</string></var></struct></var></
struct></data></wddxPacket>"



------------------------------------------------------------------------

