scottmac Fri Dec 19 02:13:42 2008 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/json JSON_parser.c /php-src/ext/json/tests 001.phpt /php-src NEWS Log: MFH: Invalid string causes segfault within json_decode()
http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15&diff_format=u
Index: php-src/ext/json/JSON_parser.c
diff -u php-src/ext/json/JSON_parser.c:1.1.2.14 php-src/ext/json/JSON_parser.c:1.1.2.15
--- php-src/ext/json/JSON_parser.c:1.1.2.14 Tue Dec 2 14:50:37 2008
+++ php-src/ext/json/JSON_parser.c Fri Dec 19 02:13:41 2008
@@ -494,9 +494,7 @@
 }
 */
 case -7:
- if (type != -1 &&
- (JSON(the_stack)[JSON(the_top)] == MODE_OBJECT ||
- JSON(the_stack)[JSON(the_top)] == MODE_ARRAY))
+ if (type != -1 && JSON(the_stack)[JSON(the_top)] == MODE_OBJECT)
 {
 zval *mval;
 smart_str_0(&buf);
@@ -566,9 +564,7 @@
 */
 case -5:
 {
- if (type != -1 &&
- (JSON(the_stack)[JSON(the_top)] == MODE_OBJECT ||
- JSON(the_stack)[JSON(the_top)] == MODE_ARRAY))
+ if (type != -1 && JSON(the_stack)[JSON(the_top)] == MODE_ARRAY)
 {
 zval *mval;
 smart_str_0(&buf);
http://cvs.php.net/viewvc.cgi/php-src/ext/json/tests/001.phpt?r1=1.1.2.4&r2=1.1.2.5&diff_format=u
Index: php-src/ext/json/tests/001.phpt
diff -u php-src/ext/json/tests/001.phpt:1.1.2.4 php-src/ext/json/tests/001.phpt:1.1.2.5
--- php-src/ext/json/tests/001.phpt:1.1.2.4 Fri Nov 3 13:16:33 2006
+++ php-src/ext/json/tests/001.phpt Fri Dec 19 02:13:41 2008
@@ -16,6 +16,7 @@
 var_dump(json_decode("ÑÑÑÑиÑ"));
 var_dump(json_decode("blah"));
 var_dump(json_decode(NULL));
+var_dump(json_decode('[1}'));
 var_dump(json_decode('{ "test": { "foo": "bar" } }'));
 var_dump(json_decode('{ "test": { "foo": "" } }'));
 var_dump(json_decode('{ "": { "foo": "" } }'));
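Review bot: The narrowed condition in `case -7` (and its mirror in `case -5`, second hunk) now skips attaching the pending value when the closing bracket does not match the container on top of the stack, but nothing visible in either hunk rejects the input at that point. Both cases continue outside the hunk, so it is worth confirming that the mode check which presumably follows fails on the mismatch and that `buf` and any partially built values are released on that error path rather than leaked or left half-linked. A one-line comment above each `if` would record the invariant, e.g. `/* '}' may only close an object; a mismatched container such as "[1}" must not reach the attach code */` in `case -7`, with the equivalent wording for `]` and arrays in `case -5`.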
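Review bot: Only one of the two corrected branches is exercised by the new test line: `'[1}'` reaches the `}` handler with an array open, but no input reaches the `]` handler with an object open. Adding `var_dump(json_decode('{"a":1]'));` next to it, with the matching line in the expected output (presumably `NULL`, to be confirmed by running the test), would cover the `case -5` change in JSON_parser.c as well. Without it a regression in that branch would go unnoticed by this test file.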
@@ -38,6 +39,7 @@
 string(12) "ÑÑÑÑиÑ"
 string(4) "blah"
 NULL
+NULL
 object(stdClass)#1 (1) {
 ["test"]=>
 object(stdClass)#2 (1) {
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1366&r2=1.2027.2.547.2.1367&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1366 php-src/NEWS:1.2027.2.547.2.1367
--- php-src/NEWS:1.2027.2.547.2.1366 Thu Dec 18 21:05:55 2008
+++ php-src/NEWS Fri Dec 19 02:13:41 2008
@@ -7,6 +7,8 @@ correctly with a non truecolour image, reported by Hamid Ebadi, APA Laboratory. (Fixes CVE-2008-5498) (Scott) +- Fixed segfault when malformed string passed to json_decode(). (Scott) + - Fixed bug #46889 (Memory leak in strtotime()). (Derick) - Fixed bug #46887 (Invalid calls to php_error_docref()). (oeriksson at mandriva dot com, Ilia)