tony2001                Fri Dec  8 20:59:06 2006 UTC

  Modified files:              
    /php-src/ext/standard       php_var.h var.c 
  Log:
  fix possible issue in the serializer, which might corrupt struc when 
reallocating arguments stack
  (no reproduce case, sorry)
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/php_var.h?r1=1.33&r2=1.34&diff_format=u
Index: php-src/ext/standard/php_var.h
diff -u php-src/ext/standard/php_var.h:1.33 php-src/ext/standard/php_var.h:1.34
--- php-src/ext/standard/php_var.h:1.33 Tue May 30 14:51:54 2006
+++ php-src/ext/standard/php_var.h      Fri Dec  8 20:59:06 2006
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: php_var.h,v 1.33 2006/05/30 14:51:54 iliaa Exp $ */
+/* $Id: php_var.h,v 1.34 2006/12/08 20:59:06 tony2001 Exp $ */
 
 #ifndef PHP_VAR_H
 #define PHP_VAR_H
@@ -48,7 +48,7 @@
 
 typedef struct php_unserialize_data php_unserialize_data_t;
 
-PHPAPI void php_var_serialize(smart_str *buf, zval **struc, 
php_serialize_data_t *var_hash TSRMLS_DC);
+PHPAPI void php_var_serialize(smart_str *buf, zval *struc, 
php_serialize_data_t *var_hash TSRMLS_DC);
 PHPAPI int php_var_unserialize(zval **rval, const unsigned char **p, const 
unsigned char *max, php_unserialize_data_t *var_hash TSRMLS_DC);
 
 #define PHP_VAR_SERIALIZE_INIT(var_hash) \
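Review bot: The exported `php_var_serialize()` prototype changes its second parameter from `zval **` to `zval *` with no comment or compatibility marker on the declaration. An out-of-tree caller that still passes `&zv` gets at most an incompatible-pointer warning in C, after which the pointer slot itself is read as a zval. Because this is a PHPAPI symbol, I would add a comment on the declaration such as `/* struc is the zval itself, not a pointer to its slot */`. Whether an API version number also needs bumping cannot be judged from this hunk.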
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/var.c?r1=1.249&r2=1.250&diff_format=u
Index: php-src/ext/standard/var.c
diff -u php-src/ext/standard/var.c:1.249 php-src/ext/standard/var.c:1.250
--- php-src/ext/standard/var.c:1.249    Mon Dec  4 18:55:40 2006
+++ php-src/ext/standard/var.c  Fri Dec  8 20:59:06 2006
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: var.c,v 1.249 2006/12/04 18:55:40 andrei Exp $ */
+/* $Id: var.c,v 1.250 2006/12/08 20:59:06 tony2001 Exp $ */
 
 
 
@@ -666,7 +666,7 @@
 
 /* {{{ php_var_serialize */
 
-static void php_var_serialize_intern(smart_str *buf, zval **struc, HashTable 
*var_hash TSRMLS_DC);
+static void php_var_serialize_intern(smart_str *buf, zval *struc, HashTable 
*var_hash TSRMLS_DC);
 
 static inline int php_add_var_hash(HashTable *var_hash, zval *var, void 
*var_old TSRMLS_DC)
 {
@@ -765,11 +765,11 @@
        smart_str_appendl(buf, "\";", 2);
 }
 
-static inline zend_bool php_var_serialize_class_name(smart_str *buf, zval 
**struc TSRMLS_DC)
+static inline zend_bool php_var_serialize_class_name(smart_str *buf, zval 
*struc TSRMLS_DC)
 {
        PHP_CLASS_ATTRIBUTES;
 
-       PHP_SET_CLASS_ATTRIBUTES(*struc);
+       PHP_SET_CLASS_ATTRIBUTES(struc);
        smart_str_appendl(buf, "O:", 2);
        smart_str_append_long(buf, name_len);
        smart_str_appendl(buf, ":\"", 2);
@@ -783,7 +783,7 @@
        return incomplete_class;
 }
 
-static void php_var_serialize_class(smart_str *buf, zval **struc, zval 
*retval_ptr, HashTable *var_hash TSRMLS_DC)
+static void php_var_serialize_class(smart_str *buf, zval *struc, zval 
*retval_ptr, HashTable *var_hash TSRMLS_DC)
 {
        int count;
        zend_bool  incomplete_class;
@@ -839,17 +839,17 @@
                                smart_str_appendl(buf,"N;", 2);
                                continue;
                        }
-                       if (zend_u_hash_find(Z_OBJPROP_PP(struc), 
Z_TYPE_PP(name), Z_UNIVAL_PP(name), 
+                       if (zend_u_hash_find(Z_OBJPROP_P(struc), 
Z_TYPE_PP(name), Z_UNIVAL_PP(name), 
                                                Z_UNILEN_PP(name) + 1, (void *) 
&d) == SUCCESS) {
                                if (Z_TYPE_PP(name) == IS_UNICODE) {
                                        php_var_serialize_unicode(buf, 
Z_USTRVAL_PP(name), Z_USTRLEN_PP(name));
                                } else {
                                        php_var_serialize_string(buf, 
Z_STRVAL_PP(name), Z_STRLEN_PP(name));
                                }
-                               php_var_serialize_intern(buf, d, var_hash 
TSRMLS_CC);
+                               php_var_serialize_intern(buf, *d, var_hash 
TSRMLS_CC);
                        } else {
                                zend_class_entry *ce;
-                               ce = zend_get_class_entry(*struc TSRMLS_CC);
+                               ce = zend_get_class_entry(struc TSRMLS_CC);
                                if (ce) {
                                        zstr prot_name, priv_name;
                                        int prop_name_length;
@@ -857,27 +857,27 @@
                                        do {
                                                
zend_u_mangle_property_name(&priv_name, &prop_name_length, Z_TYPE_PP(name), 
ce->name, ce->name_length, 
                                                                        
Z_UNIVAL_PP(name), Z_UNILEN_PP(name), ce->type & ZEND_INTERNAL_CLASS);
-                                               if 
(zend_u_hash_find(Z_OBJPROP_PP(struc), Z_TYPE_PP(name), priv_name, 
prop_name_length+1, (void *) &d) == SUCCESS) {
+                                               if 
(zend_u_hash_find(Z_OBJPROP_P(struc), Z_TYPE_PP(name), priv_name, 
prop_name_length+1, (void *) &d) == SUCCESS) {
                                                        if (Z_TYPE_PP(name) == 
IS_UNICODE) {
                                                                
php_var_serialize_unicode(buf, priv_name.u, prop_name_length);
                                                        } else {
                                                                
php_var_serialize_string(buf, priv_name.s, prop_name_length);
                                                        }
                                                        efree(priv_name.v);
-                                                       
php_var_serialize_intern(buf, d, var_hash TSRMLS_CC);
+                                                       
php_var_serialize_intern(buf, *d, var_hash TSRMLS_CC);
                                                        break;
                                                }
                                                efree(priv_name.v);
                                                
zend_u_mangle_property_name(&prot_name, &prop_name_length,  Z_TYPE_PP(name), 
star, 1, 
                                                                        
Z_UNIVAL_PP(name), Z_UNILEN_PP(name), ce->type & ZEND_INTERNAL_CLASS);
-                                               if 
(zend_u_hash_find(Z_OBJPROP_PP(struc), Z_TYPE_PP(name), prot_name, 
prop_name_length+1, (void *) &d) == SUCCESS) {
+                                               if 
(zend_u_hash_find(Z_OBJPROP_P(struc), Z_TYPE_PP(name), prot_name, 
prop_name_length+1, (void *) &d) == SUCCESS) {
                                                        if (Z_TYPE_PP(name) == 
IS_UNICODE) {
                                                                
php_var_serialize_unicode(buf, prot_name.u, prop_name_length);
                                                        } else {
                                                                
php_var_serialize_string(buf, prot_name.s, prop_name_length);
                                                        }
                                                        efree(prot_name.v);
-                                                       
php_var_serialize_intern(buf, d, var_hash TSRMLS_CC);
+                                                       
php_var_serialize_intern(buf, *d, var_hash TSRMLS_CC);
                                                        break;
                                                }
                                                efree(prot_name.v);
@@ -887,7 +887,7 @@
                                                } else {
                                                        
php_var_serialize_string(buf, Z_STRVAL_PP(name), Z_STRLEN_PP(name));
                                                }
-                                               php_var_serialize_intern(buf, 
&nvalp, var_hash TSRMLS_CC);
+                                               php_var_serialize_intern(buf, 
nvalp, var_hash TSRMLS_CC);
                                        } while (0);
                                } else {
                                        if (Z_TYPE_PP(name) == IS_UNICODE) {
@@ -895,7 +895,7 @@
                                        } else {
                                                php_var_serialize_string(buf, 
Z_STRVAL_PP(name), Z_STRLEN_PP(name));
                                        }
-                                       php_var_serialize_intern(buf, &nvalp, 
var_hash TSRMLS_CC);
+                                       php_var_serialize_intern(buf, nvalp, 
var_hash TSRMLS_CC);
                                }
                        }
                }
@@ -904,20 +904,20 @@
 }
 
 
-static void php_var_serialize_intern(smart_str *buf, zval **struc, HashTable 
*var_hash TSRMLS_DC)
+static void php_var_serialize_intern(smart_str *buf, zval *struc, HashTable 
*var_hash TSRMLS_DC)
 {
        int i;
        ulong *var_already;
        HashTable *myht;
 
        if (var_hash 
-           && php_add_var_hash(var_hash, *struc, (void *) &var_already 
TSRMLS_CC) == FAILURE) {
-               if((*struc)->is_ref) {
+           && php_add_var_hash(var_hash, struc, (void *) &var_already 
TSRMLS_CC) == FAILURE) {
+               if(struc->is_ref) {
                        smart_str_appendl(buf, "R:", 2);
                        smart_str_append_long(buf, *var_already);
                        smart_str_appendc(buf, ';');
                        return;
-               } else if(Z_TYPE_PP(struc) == IS_OBJECT) {
+               } else if(Z_TYPE_P(struc) == IS_OBJECT) {
                        smart_str_appendl(buf, "r:", 2);
                        smart_str_append_long(buf, *var_already);
                        smart_str_appendc(buf, ';');
@@ -925,10 +925,10 @@
                }
        }
 
-       switch (Z_TYPE_PP(struc)) {
+       switch (Z_TYPE_P(struc)) {
                case IS_BOOL:
                        smart_str_appendl(buf, "b:", 2);
-                       smart_str_append_long(buf, Z_LVAL_PP(struc));
+                       smart_str_append_long(buf, Z_LVAL_P(struc));
                        smart_str_appendc(buf, ';');
                        return;
 
@@ -937,25 +937,25 @@
                        return;
 
                case IS_LONG:
-                       php_var_serialize_long(buf, Z_LVAL_PP(struc));
+                       php_var_serialize_long(buf, Z_LVAL_P(struc));
                        return;
 
                case IS_DOUBLE: {
                                char *s;
                                ulong slen;
 
-                               slen = spprintf(&s, 0, "d:%.*G;", (int) 
PG(serialize_precision), Z_DVAL_PP(struc));
+                               slen = spprintf(&s, 0, "d:%.*G;", (int) 
PG(serialize_precision), Z_DVAL_P(struc));
                                smart_str_appendl(buf, s, slen);
                                efree(s);
                                return;
                        }
 
                case IS_STRING:
-                       php_var_serialize_string(buf, Z_STRVAL_PP(struc), 
Z_STRLEN_PP(struc));
+                       php_var_serialize_string(buf, Z_STRVAL_P(struc), 
Z_STRLEN_P(struc));
                        return;
 
                case IS_UNICODE:
-                       php_var_serialize_unicode(buf, Z_USTRVAL_PP(struc), 
Z_USTRLEN_PP(struc));
+                       php_var_serialize_unicode(buf, Z_USTRVAL_P(struc), 
Z_USTRLEN_P(struc));
                        return;
 
                case IS_OBJECT: {
@@ -964,8 +964,8 @@
                                int res;
                                zend_class_entry *ce = NULL;
 
-                               if(Z_OBJ_HT_PP(struc)->get_class_entry) {
-                                       ce = Z_OBJCE_PP(struc);
+                               if(Z_OBJ_HT_P(struc)->get_class_entry) {
+                                       ce = Z_OBJCE_P(struc);
                                } 
 
                                if(ce && ce->serialize != NULL) {
@@ -973,15 +973,15 @@
                                        unsigned char *serialized_data = NULL;
                                        zend_uint serialized_length;
 
-                                       if(ce->serialize(*struc, 
&serialized_data, &serialized_length, (zend_serialize_data *)var_hash 
TSRMLS_CC) == SUCCESS) {
+                                       if(ce->serialize(struc, 
&serialized_data, &serialized_length, (zend_serialize_data *)var_hash 
TSRMLS_CC) == SUCCESS) {
                                                smart_str_appendl(buf, "C:", 2);
-                                               smart_str_append_long(buf, 
Z_OBJCE_PP(struc)->name_length);
+                                               smart_str_append_long(buf, 
Z_OBJCE_P(struc)->name_length);
                                                smart_str_appendl(buf, ":\"", 
2);
 
                                                if (UG(unicode)) {
-                                                       
php_var_serialize_ustr(buf, Z_OBJCE_PP(struc)->name.u, 
Z_OBJCE_PP(struc)->name_length);
+                                                       
php_var_serialize_ustr(buf, Z_OBJCE_P(struc)->name.u, 
Z_OBJCE_P(struc)->name_length);
                                                } else {
-                                                       smart_str_appendl(buf, 
Z_OBJCE_PP(struc)->name.s, Z_OBJCE_PP(struc)->name_length);
+                                                       smart_str_appendl(buf, 
Z_OBJCE_P(struc)->name.s, Z_OBJCE_P(struc)->name_length);
                                                }
 
                                                smart_str_appendl(buf, "\":", 
2);
@@ -1007,7 +1007,7 @@
                                    zend_hash_exists(&ce->function_table, 
"__sleep", sizeof("__sleep"))) {
                                        INIT_PZVAL(&fname);
                                        ZVAL_ASCII_STRINGL(&fname, "__sleep", 
sizeof("__sleep") - 1, 1);
-                                       res = 
call_user_function_ex(CG(function_table), struc, &fname, 
+                                       res = 
call_user_function_ex(CG(function_table), &struc, &fname, 
                                                                                
                &retval_ptr, 0, 0, 1, NULL TSRMLS_CC);
                                        zval_dtor(&fname);
                                        if (res == SUCCESS && !EG(exception)) {
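Review bot: The `&struc` now passed to `call_user_function_ex()` is the address of this function's own parameter, and nothing at the call site explains why, although that is the reason for the commit. A comment above the call would keep a later cleanup from reverting it: `/* pass the address of the local copy; a zval ** into the argument stack may dangle if the stack is reallocated during the call */`. The same comment could state that the zval is held by a raw pointer across user code and that no reference is taken in the visible lines, so its lifetime depends on the caller. The enclosing function starts and ends outside this hunk.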
@@ -1036,12 +1036,12 @@
                        }
                case IS_ARRAY: {
                        zend_bool incomplete_class = 0;
-                       if (Z_TYPE_PP(struc) == IS_ARRAY) {
+                       if (Z_TYPE_P(struc) == IS_ARRAY) {
                                smart_str_appendl(buf, "a:", 2);
-                               myht = HASH_OF(*struc);
+                               myht = HASH_OF(struc);
                        } else {
                                incomplete_class = 
php_var_serialize_class_name(buf, struc TSRMLS_CC);
-                               myht = Z_OBJPROP_PP(struc);
+                               myht = Z_OBJPROP_P(struc);
                        }
                        /* count after serializing name, since 
php_var_serialize_class_name
                           changes the count if the variable is incomplete 
class */
@@ -1088,7 +1088,7 @@
                                        if (zend_hash_get_current_data_ex(myht, 
                                                (void **) &data, &pos) != 
SUCCESS 
                                                || !data 
-                                               || data == struc
+                                               || data == &struc
                                                || (Z_TYPE_PP(data) == IS_ARRAY 
&& Z_ARRVAL_PP(data)->nApplyCount > 1)
                                        ) {
                                                smart_str_appendl(buf, "N;", 2);
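Review bot: `data == &struc` can no longer be true, because `data` points at a slot inside `myht` while `&struc` is now the address of this function's parameter, so the self-reference guard is dead after the mechanical `zval **` to `zval *` conversion. If the intent is still to emit `N;` for an element that is the value being serialized, the comparison would have to be on the zvals, `|| *data == struc` (safe after the `!data` test); otherwise the clause should be removed rather than left looking like a working check. Recursion into arrays is still limited by the `nApplyCount` test on the next line, so this looks like a lost safeguard rather than immediate unbounded recursion, but that is inferred from the visible lines only. The enclosing function starts and ends outside this hunk.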
@@ -1096,7 +1096,7 @@
                                                if (Z_TYPE_PP(data) == 
IS_ARRAY) {
                                                        
Z_ARRVAL_PP(data)->nApplyCount++;
                                                }
-                                               php_var_serialize_intern(buf, 
data, var_hash TSRMLS_CC);
+                                               php_var_serialize_intern(buf, 
*data, var_hash TSRMLS_CC);
                                                if (Z_TYPE_PP(data) == 
IS_ARRAY) {
                                                        
Z_ARRVAL_PP(data)->nApplyCount--;
                                                }
@@ -1112,7 +1112,7 @@
        } 
 }
 
-PHPAPI void php_var_serialize(smart_str *buf, zval **struc, HashTable 
*var_hash TSRMLS_DC)
+PHPAPI void php_var_serialize(smart_str *buf, zval *struc, HashTable *var_hash 
TSRMLS_DC)
 {
        php_var_serialize_intern(buf, struc, var_hash TSRMLS_CC);
        smart_str_0(buf);
@@ -1137,7 +1137,7 @@
        Z_STRLEN_P(return_value) = 0;
 
        PHP_VAR_SERIALIZE_INIT(var_hash);
-       php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);
+       php_var_serialize(&buf, *struc, &var_hash TSRMLS_CC);
        PHP_VAR_SERIALIZE_DESTROY(var_hash);
 
        if (buf.c) {
