dmitry Mon Jul 10 14:02:54 2006 UTC Modified files: /php-src/ext/standard var.c /php-src/ext/standard/tests/serialize bug37947.phpt Log: Fixed bug #37947 (zend_ptr_stack reallocation problem) http://cvs.php.net/viewvc.cgi/php-src/ext/standard/var.c?r1=1.234&r2=1.235&diff_format=u Index: php-src/ext/standard/var.c diff -u php-src/ext/standard/var.c:1.234 php-src/ext/standard/var.c:1.235 --- php-src/ext/standard/var.c:1.234 Sat Jun 3 11:19:43 2006 +++ php-src/ext/standard/var.c Mon Jul 10 14:02:54 2006 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: var.c,v 1.234 2006/06/03 11:19:43 mike Exp $ */ +/* $Id: var.c,v 1.235 2006/07/10 14:02:54 dmitry Exp $ */ 
@@ -1100,49 +1100,47 @@ PHP_FUNCTION(unserialize) { - zval **buf; + unsigned char *buf; + char *str = NULL; + int buf_len; + zend_uchar buf_type; + const unsigned char *p; + php_unserialize_data_t var_hash; - if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &buf) == FAILURE) { - WRONG_PARAM_COUNT; + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "T", + &buf, &buf_len, &buf_type) == FAILURE) { + RETURN_FALSE; } - if (Z_TYPE_PP(buf) == IS_UNICODE) { + if (buf_len == 0) { + RETURN_FALSE; + } + + if (buf_type == IS_UNICODE) { /* ASCII unicode string to binary string conversion */ - char *str = emalloc(Z_USTRLEN_PP(buf)+1); int i; - for (i = 0; i < Z_UNILEN_PP(buf); i++) { - if (Z_USTRVAL_PP(buf)[i] > 128) { - php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Error at offset %d of %d bytes", i, Z_USTRLEN_PP(buf)); + str = emalloc(buf_len+1); + for (i = 0; i < buf_len; i++) { + if (buf[i] > 128) { + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Error at offset %d of %d bytes", i, buf_len); } - str[i] = Z_USTRVAL_PP(buf)[i]; + str[i] = buf[i]; } str[i] = '\0'; - efree(Z_USTRVAL_PP(buf)); - Z_STRVAL_PP(buf) = str; - Z_TYPE_PP(buf) = IS_STRING; + buf = str; } - - if (Z_TYPE_PP(buf) == IS_STRING) { - const unsigned char *p = (unsigned char*)Z_STRVAL_PP(buf); - - if (Z_STRLEN_PP(buf) == 0) { - RETURN_FALSE; - } - - PHP_VAR_UNSERIALIZE_INIT(var_hash); - if (!php_var_unserialize(&return_value, &p, p + Z_STRLEN_PP(buf), &var_hash TSRMLS_CC)) { - PHP_VAR_UNSERIALIZE_DESTROY(var_hash); - zval_dtor(return_value); - php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Error at offset %ld of %d bytes", (long)((char*)p - Z_STRVAL_PP(buf)), Z_STRLEN_PP(buf)); - RETURN_FALSE; - } + + p = (const unsigned char*)buf; + PHP_VAR_UNSERIALIZE_INIT(var_hash); + if (!php_var_unserialize(&return_value, &p, p + buf_len, &var_hash TSRMLS_CC)) { PHP_VAR_UNSERIALIZE_DESTROY(var_hash); - } else { - php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Argument is not a string"); + zval_dtor(return_value); + 
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Error at offset %ld of %d bytes", (long)((unsigned char*)p - buf), buf_len); RETURN_FALSE; } + PHP_VAR_UNSERIALIZE_DESTROY(var_hash); } /* }}} */ http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/serialize/bug37947.phpt?r1=1.1&r2=1.2&diff_format=u Index: php-src/ext/standard/tests/serialize/bug37947.phpt diff -u /dev/null php-src/ext/standard/tests/serialize/bug37947.phpt:1.2 --- /dev/null Mon Jul 10 14:02:54 2006 +++ php-src/ext/standard/tests/serialize/bug37947.phpt Mon Jul 10 14:02:54 2006 @@ -0,0 +1,21 @@ +--TEST-- +Bug #37947 (zend_ptr_stack reallocation problem) +--INI-- +error_reporting=0 +--FILE-- +<? +class test { + function extend_zend_ptr_stack($count,$a,$b,$c,$d,$e) { + if ($count>0) $this->extend_zend_ptr_stack($count - +1,$a,$b,$c,$d,$e); + } + + function __wakeup() { + $this->extend_zend_ptr_stack(10,'a','b','c','d','e'); + } +} + +$str='a:2:{i:0;O:4:"test":0:{}junk'; +var_dump(unserialize($str)); +--EXPECT-- +bool(false)
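Review bot: The Unicode branch of `PHP_FUNCTION(unserialize)` now allocates `str` with `emalloc(buf_len+1)` and points `buf` at it, but neither the failure path nor the normal exit frees it; the removed code stored the buffer in the argument zval, so the function did not own it before. Adding `if (str) { efree(str); }` after the `php_error_docref()` call in the failure branch (its offset computation still reads `buf`) and after the final `PHP_VAR_UNSERIALIZE_DESTROY(var_hash)` would cover both exits. In the same loop, `buf[i] > 128` lets the value 128 through and only raises a notice before the value is copied and parsed anyway; since this function parses caller-supplied data, `> 127` followed by a free and `RETURN_FALSE` would be stricter. It also looks as if `buf[i]` now indexes bytes of an `unsigned char *` where the old `Z_USTRVAL_PP(buf)[i]` indexed code units, which is worth confirming against what the `"T"` specifier stores in `buf`.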