sniper Wed Sep 3 12:26:43 2003 EDT
Modified files: (Branch: PHP_4_3)
/php-src NEWS
/php-src/ext/standard var_unserializer.re
Log:
MFH: - Fixed bug #25378 (Invalid data passed to unserialize() causes segfault)
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.372 php-src/NEWS:1.1247.2.373
--- php-src/NEWS:1.1247.2.372 Wed Sep 3 10:56:11 2003
+++ php-src/NEWS Wed Sep 3 12:26:41 2003
@@ -6,6 +6,7 @@
- Fixed crash bug when non-existing save/serializer handler was used. (Jani)
- Fixed memory leak in gethostbynamel() if an error occurs. (Sara)
- Fixed FastCGI being unable to bind to a specific IP. (Sascha)
+- Fixed bug #25378 (unserialize() crashes with invalid data). (Jani)
- Fixed bug #25372 (sscanf() does not work with %X). (Jani)
- Fixed bug #25348 ("make install" fails with --enable-short-tags). (Jani)
- Fixed bug #25343 (is_dir() gives warning on FreeBSD). (Jani)
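Review bot: The added NEWS line words the bug as "unserialize() crashes with invalid data", while the commit log gives it as "Invalid data passed to unserialize() causes segfault". Using one wording in both places makes the entry easier to match against the log when searching for #25378.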
Index: php-src/ext/standard/var_unserializer.re
diff -u php-src/ext/standard/var_unserializer.re:1.11.4.1
php-src/ext/standard/var_unserializer.re:1.11.4.2
--- php-src/ext/standard/var_unserializer.re:1.11.4.1 Sun May 18 08:04:34 2003
+++ php-src/ext/standard/var_unserializer.re Wed Sep 3 12:26:42 2003
@@ -90,6 +90,7 @@
/*!re2c
+uiv = [+]? [0-9]+;
iv = [+-]? [0-9]+;
nv = [+-]? ([0-9]* "." [0-9]+|[0-9]+ "." [0-9]*);
nvexp = (iv | nv) [eE] [+-]? iv;
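Review bot: The new `uiv` definition has no comment saying it is the unsigned counterpart of `iv`, and it still accepts a leading `+` and an unbounded run of digits. The rules changed below keep their values in `int` variables (`int len;`, `int elements = parse_iv(start + 2);`), so it is worth confirming that a very long digit string cannot wrap to a negative value during conversion. A one-line comment stating that `uiv` exists to keep lengths and counts non-negative would also help.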
@@ -281,7 +282,7 @@
return 1;
}
-"s:" iv ":" ["] {
+"s:" uiv ":" ["] {
int len;
char *str;
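Review bot: In the `"s:"` rule, `len` is still declared as a signed `int` even though the pattern now admits only unsigned values. The lines that use `len` are outside this hunk, so please confirm that it is checked against the remaining input before the string is read. A check there protects the rule independently of the regex.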
@@ -301,7 +302,7 @@
return 1;
}
-"a:" iv ":" "{" {
+"a:" uiv ":" "{" {
int elements = parse_iv(start + 2);
*p = YYCURSOR;
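Review bot: The `"a:"` rule now matches `uiv`, but `int elements = parse_iv(start + 2);` still goes through the signed parser into a signed variable. An explicit rejection of `elements < 0` right after this line would keep the rule safe if the pattern is changed again or the conversion overflows.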
@@ -327,7 +328,7 @@
object_common1(UNSERIALIZE_PASSTHRU,
ZEND_STANDARD_CLASS_DEF_PTR));
}
-"O:" iv ":" ["] {
+"O:" uiv ":" ["] {
int len;
int elements;
int len2;
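Review bot: In the `"O:"` rule the pattern change covers only the class-name length that follows `O:`. The `elements` count declared here is read from input this hunk does not show, so confirm it is held to the same non-negative constraint. The modified-files list contains only NEWS and var_unserializer.re, so a regression test for bug #25378 is also missing from this commit.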
--
PHP CVS Mailing List (http://www.php.net/)