felipe          Tue Jun 16 02:54:27 2009 UTC

  Added files:                 (Branch: PHP_5_3)
    /php-src/ext/wddx/tests     bug48562.phpt 

  Modified files:              
    /php-src/ext/wddx   wddx.c 
  Log:
  - MFH: Fixed bug #48562 (Reference recursion causes segfault when used in 
wddx_serialize_vars())
  
http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?r1=1.119.2.10.2.17.2.18&r2=1.119.2.10.2.17.2.19&diff_format=u
Index: php-src/ext/wddx/wddx.c
diff -u php-src/ext/wddx/wddx.c:1.119.2.10.2.17.2.18 
php-src/ext/wddx/wddx.c:1.119.2.10.2.17.2.19
--- php-src/ext/wddx/wddx.c:1.119.2.10.2.17.2.18        Wed Dec 31 11:15:46 2008
+++ php-src/ext/wddx/wddx.c     Tue Jun 16 02:54:26 2009
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: wddx.c,v 1.119.2.10.2.17.2.18 2008/12/31 11:15:46 sebastian Exp $ */
+/* $Id: wddx.c,v 1.119.2.10.2.17.2.19 2009/06/16 02:54:26 felipe Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -704,13 +704,27 @@
                        php_wddx_serialize_var(packet, *val, 
Z_STRVAL_P(name_var), Z_STRLEN_P(name_var) TSRMLS_CC);
                }               
        } else if (Z_TYPE_P(name_var) == IS_ARRAY || Z_TYPE_P(name_var) == 
IS_OBJECT)   {
+               int is_array = Z_TYPE_P(name_var) == IS_ARRAY;
+               
                target_hash = HASH_OF(name_var);
                
+               if (is_array && target_hash->nApplyCount > 1) {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "recursion 
detected");
+                       return;
+               }
+
                zend_hash_internal_pointer_reset(target_hash);
 
                while(zend_hash_get_current_data(target_hash, (void**)&val) == 
SUCCESS) {
+                       if (is_array) {
+                               target_hash->nApplyCount++;
+                       }
+
                        php_wddx_add_var(packet, *val);
-                               
+
+                       if (is_array) {
+                               target_hash->nApplyCount--;
+                       }
                        zend_hash_move_forward(target_hash);
                }
        }
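Review bot: The new recursion guard is gated on `is_array`, so an object whose properties refer back to the object itself still appears to take the same unbounded recursive path through `php_wddx_add_var()` that this hunk closes for arrays, unless that case is caught outside the lines shown. In the object branch `target_hash` comes from `HASH_OF()` and goes straight into `zend_hash_internal_pointer_reset()`; if the object's handler returns no property table, that is a NULL dereference, so I would add `if (!target_hash) return;` right after the assignment. With that in place, the `nApplyCount > 1` check and the increment/decrement around the recursive call could run for objects too, provided the counter is reliable on the table the handler returns. A short comment above the check, e.g. `/* nApplyCount > 1: this table is already being walked further up the call chain */`, would explain the threshold. The function body starts before this hunk, and the added bug48562.phpt exercises arrays only, so an object case there would pin the behaviour.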

http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/tests/bug48562.phpt?view=markup&rev=1.1
Index: php-src/ext/wddx/tests/bug48562.phpt
+++ php-src/ext/wddx/tests/bug48562.phpt
--TEST--
Bug #48562 (Reference recursion causes segfault when used in 
wddx_serialize_vars())
--FILE--
<?php

$foo = 'bar';

$a['x'] = 'foo';
$a['x'] = &$a;

var_dump(wddx_serialize_vars($a));

$a['x'] = 'foo';
$a['x'] = $a;

var_dump(wddx_serialize_vars($a));

?>
--EXPECTF--
Warning: wddx_serialize_vars(): recursion detected in %s on line %d
string(78) "<wddxPacket 
version='1.0'><header/><data><struct></struct></data></wddxPacket>"
string(120) "<wddxPacket version='1.0'><header/><data><struct><var 
name='foo'><string>bar</string></var></struct></data></wddxPacket>"


