iliaa Mon Sep 26 11:19:06 2005 EDT Added files: (Branch: PHP_4_4) /php-src/ext/ctype/tests bug34645.phpt
Modified files: /php-src NEWS /php-src/ext/ctype ctype.c Log: MFH: Fixed bug #34645 (ctype corrupts memory when validating large numbers). http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.920.2.40&r2=1.1247.2.920.2.41&ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.40 php-src/NEWS:1.1247.2.920.2.41 --- php-src/NEWS:1.1247.2.920.2.40 Wed Sep 21 09:19:17 2005 +++ php-src/NEWS Mon Sep 26 11:19:04 2005 @@ -2,6 +2,7 @@ ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2005, Version 4.4.1 - Added "new_link" parameter to mssql_connect(). Bug #34369. (Frank) +- Fixed bug #34645 (ctype corrupts memory when validating large numbers). (Ilia) - Fixed bug #34565 (mb_send_mail does not fetch mail.force_extra_parameters). (Marco, Ilia) - Fixed bug #34456 (Possible crash inside pspell extension). (Nuno) http://cvs.php.net/diff.php/php-src/ext/ctype/ctype.c?r1=1.23.4.5&r2=1.23.4.5.2.1&ty=u Index: php-src/ext/ctype/ctype.c diff -u php-src/ext/ctype/ctype.c:1.23.4.5 php-src/ext/ctype/ctype.c:1.23.4.5.2.1 --- php-src/ext/ctype/ctype.c:1.23.4.5 Wed Sep 29 21:24:03 2004 +++ php-src/ext/ctype/ctype.c Mon Sep 26 11:19:05 2005 
@@ -92,34 +92,39 @@
 
 /* {{{ ctype */
 #define CTYPE(iswhat) \
- zval *c; \
+ zval *c, tmp; \
 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &c) == FAILURE) \
 return; \
- switch (Z_TYPE_P(c)) { \
- case IS_LONG: \
+ if (Z_TYPE_P(c) == IS_LONG) { \
 if (Z_LVAL_P(c) <= 255 && Z_LVAL_P(c) >= 0) { \
 RETURN_BOOL(iswhat(Z_LVAL_P(c))); \
 } else if (Z_LVAL_P(c) >= -128 && Z_LVAL_P(c) < 0) { \
 RETURN_BOOL(iswhat(Z_LVAL_P(c) + 256)); \
 } \
- SEPARATE_ZVAL(&c); \
- convert_to_string(c); \
- case IS_STRING: \
- { \
- char *p; \
- int n, len; \
- p=Z_STRVAL_P(c); \
- len = Z_STRLEN_P(c); \
- for(n=0;n<len;n++) { \
- if(!iswhat((int)*(unsigned char *)(p++))) RETURN_FALSE; \
+ tmp = *c; \
+ zval_copy_ctor(&tmp); \
+ convert_to_string(&tmp); \
+ } else { \
+ tmp = *c; \
+ } \
+ if (Z_TYPE(tmp) == IS_STRING) { \
+ char *p = Z_STRVAL(tmp), *e = Z_STRVAL(tmp) + Z_STRLEN(tmp); \
+ if (e == p) { \
+ if (Z_TYPE_P(c) == IS_LONG) zval_dtor(&tmp); \
+ RETURN_FALSE; \
+ } \
+ while (p < e) { \
+ if(!iswhat((int)*(unsigned char *)(p++))) { \
+ if (Z_TYPE_P(c) == IS_LONG) zval_dtor(&tmp); \
+ RETURN_FALSE; \
 } \
- RETURN_TRUE; \
 } \
- default: \
- break; \
+ if (Z_TYPE_P(c) == IS_LONG) zval_dtor(&tmp); \
+ RETURN_TRUE; \
+ } else { \
+ RETURN_FALSE; \
 } \
- RETURN_FALSE;
-
+
 /* }}} */
 
 /* {{{ proto bool ctype_alnum(mixed c)
http://cvs.php.net/co.php/php-src/ext/ctype/tests/bug34645.phpt?r=1.1&p=1
Index: php-src/ext/ctype/tests/bug34645.phpt
+++ php-src/ext/ctype/tests/bug34645.phpt
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
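Review bot: The new `if (e == p)` branch makes every ctype_* function built from this macro return FALSE for an empty string, whereas the removed `for` loop fell through to `RETURN_TRUE` when `len` was 0; that is a user-visible behaviour change riding along with a memory-corruption fix, and the NEWS line for #34645 does not mention it. If the change is intended, it deserves its own NEWS entry and a comment at the check, for example `/* empty input never matches */`. Separately, ownership of `tmp` is re-derived at each of the three exits with `if (Z_TYPE_P(c) == IS_LONG) zval_dtor(&tmp);`, while in the `else` branch `tmp = *c;` is only a shallow alias of the caller's value. A comment on that assignment such as `/* borrowed from c: read-only, must not be zval_dtor()'d */` would make the invariant explicit, so that a later exit path neither frees the caller's string buffer nor leaks the converted copy.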