iliaa Mon Jun 11 15:20:56 2007 UTC
Added files: (Branch: PHP_4_4)
/php-src/ext/wddx/tests bug41527.phpt
Modified files:
/php-src NEWS
/php-src/ext/wddx wddx.c
Log:
MFB: WDDX deserialize numeric string array key
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.233&r2=1.1247.2.920.2.234&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.233 php-src/NEWS:1.1247.2.920.2.234
--- php-src/NEWS:1.1247.2.920.2.233 Fri Jun 8 05:31:01 2007
+++ php-src/NEWS Mon Jun 11 15:20:56 2007
@@ -26,6 +26,8 @@
- Fixed CVE-2007-1001 (GD wbmp used with invalid image size). (Pierre)
- Fixed CVE-2007-0455 (Buffer overflow in gdImageStringFTEx, used by imagettf
function). (Kees Cook, Pierre)
+- Fixed bug #41527 (WDDX deserialize numeric string array key). (php_lists
+ at realplain dot com, Ilia)
- Fixed bug #41252 (Calling mcrypt_generic without first calling
mcrypt_generic_init crashes). (Derick)
- Fixed bug #40998 (long session array keys are truncated). (Tony)
http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?r1=1.96.2.6.2.10&r2=1.96.2.6.2.11&diff_format=u
Index: php-src/ext/wddx/wddx.c
diff -u php-src/ext/wddx/wddx.c:1.96.2.6.2.10
php-src/ext/wddx/wddx.c:1.96.2.6.2.11
--- php-src/ext/wddx/wddx.c:1.96.2.6.2.10 Tue Jan 9 15:21:08 2007
+++ php-src/ext/wddx/wddx.c Mon Jun 11 15:20:56 2007
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: wddx.c,v 1.96.2.6.2.10 2007/01/09 15:21:08 iliaa Exp $ */
+/* $Id: wddx.c,v 1.96.2.6.2.11 2007/06/11 15:20:56 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -986,22 +986,7 @@
/* Clean up class name var
entry */
zval_ptr_dtor(&ent1->data);
} else {
- long l;
- double d;
-
- switch
(is_numeric_string(ent1->varname, strlen(ent1->varname), &l, &d, 0)) {
- case IS_DOUBLE:
- if (d >
INT_MAX) {
- goto
bigint;
- }
- l = (long) d;
- case IS_LONG:
-
zend_hash_index_update(target_hash, l, &ent1->data, sizeof(zval *), NULL);
- break;
- default:
-bigint:
-
zend_hash_update(target_hash,ent1->varname, strlen(ent1->varname)+1,
&ent1->data, sizeof(zval *), NULL);
- }
+ zend_hash_update(target_hash,
ent1->varname, strlen(ent1->varname)+1, &ent1->data, sizeof(zval *), NULL);
}
efree(ent1->varname);
} else {
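Review bot: The replacement `zend_hash_update(target_hash, ent1->varname, strlen(ent1->varname)+1, ...)` call in the `else` branch leaves every decision about numeric-looking names to the hash layer, and nothing at the call site says that this is intended. The name comes straight from the deserialized packet, so whether a name such as `1` is stored as integer key 1 or as the string key "1" determines which existing entries a packet can replace and which keys the script can reach afterwards. Presumably `zend_hash_update` on this branch canonicalises numeric strings itself, but that is not visible in this hunk and should be confirmed. I would add a comment above the call, e.g. `/* key is taken verbatim from the packet; any numeric-string normalisation is done by zend_hash_update, not here */`. The enclosing function starts and ends outside the hunk, and the body of bug41527.phpt is not shown on this page, so coverage of out-of-range, negative and leading-zero keys could not be checked.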
http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/tests/bug41527.phpt?view=markup&rev=1.1
Index: php-src/ext/wddx/tests/bug41527.phpt
+++ php-src/ext/wddx/tests/bug41527.phpt