Commit:    e44849b0f466212f8101e165ce56cf73e8a5bc4c
Author:    Anatol Belski <a...@php.net>         Sun, 12 May 2013 21:29:16 +0200
Parents:   3fd39c13f9b3e982ffccf66b40ec1ed05b5146d6
Branches:  PHP-5.5 master

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=e44849b0f466212f8101e165ce56cf73e8a5bc4c

Log:
Fixed bug #64825 Invalid free unserializing DateTimeZone

Bugs:
https://bugs.php.net/64825

Changed paths:
  M  NEWS
  M  ext/date/php_date.c


Diff:
diff --git a/NEWS b/NEWS
index 4d6f957..f98388d 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,10 @@ PHP                                                          
              NEWS
   . Fixed bug #64821 (Custom Exceptions crash when internal properties 
overridden).
       (Anatol)
 
+- DateTime
+  . Fixed bug #64825 (Invalid free when unserializing DateTimeZone).
+    (Anatol)
+
 09 May 2013, PHP 5.5.0 Release Candidate 1
 
 - FPM:
diff --git a/ext/date/php_date.c b/ext/date/php_date.c
index 808dc5a..d09d254 100644
--- a/ext/date/php_date.c
+++ b/ext/date/php_date.c
@@ -3704,27 +3704,30 @@ static int php_date_timezone_initialize_from_hash(zval 
**return_value, php_timez
        zval            **z_timezone = NULL;
        zval            **z_timezone_type = NULL;
        timelib_tzinfo  *tzi;
-       char                    **offset;
 
        if (zend_hash_find(myht, "timezone_type", 14, (void**) 
&z_timezone_type) == SUCCESS) {
                if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) 
== SUCCESS) {
                        convert_to_long(*z_timezone_type);
                        switch (Z_LVAL_PP(z_timezone_type)) {
-                               case TIMELIB_ZONETYPE_OFFSET:
-                                       offset = malloc(sizeof(char) * 
(Z_STRLEN_PP(z_timezone) + 1));
-                                       *offset = (Z_STRVAL_PP(z_timezone));
-                                       if(**offset == '+'){
-                                               ++*offset;
-                                               (*tzobj)->tzi.utc_offset = -1 * 
timelib_parse_tz_cor((char **)offset);
+                               case TIMELIB_ZONETYPE_OFFSET: {
+                                       char *offset, *offset_start;
+
+                                       offset = emalloc(sizeof(char) * 
(Z_STRLEN_PP(z_timezone) + 1));
+                                       memmove(offset, 
Z_STRVAL_PP(z_timezone), Z_STRLEN_PP(z_timezone)+1);
+                                       offset_start = offset;
+
+                                       ++offset;
+                                       if(*offset_start == '+'){
+                                               (*tzobj)->tzi.utc_offset = -1 * 
timelib_parse_tz_cor(&offset);
                                        } else {
-                                               ++*offset;
-                                               (*tzobj)->tzi.utc_offset = 
timelib_parse_tz_cor((char **)offset);
+                                               (*tzobj)->tzi.utc_offset = 
timelib_parse_tz_cor(&offset);
                                        }
-                                       free(offset);
+                                       efree(offset_start);
                                        (*tzobj)->type = 
TIMELIB_ZONETYPE_OFFSET;
                                        (*tzobj)->initialized = 1;
                                        return SUCCESS;
                                        break;
+                               }
                                case TIMELIB_ZONETYPE_ABBR:
                                case TIMELIB_ZONETYPE_ID:
                                        if (SUCCESS == 
timezone_initialize(&tzi, Z_STRVAL_PP(z_timezone) TSRMLS_CC)) {
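Review bot: In the TIMELIB_ZONETYPE_OFFSET case, `z_timezone` is taken from the unserialized hash and read with Z_STRVAL_PP/Z_STRLEN_PP with no check that it is a string, so a non-string value would make the emalloc size and the memmove source come from the wrong union member. The unconditional `++offset` also steps past the terminator when the string is empty, so timelib_parse_tz_cor would start reading beyond the 1-byte allocation. A guard placed before the copy covers both: `if (Z_TYPE_PP(z_timezone) != IS_STRING || Z_STRLEN_PP(z_timezone) < 1) { return FAILURE; }`. The ABBR/ID case just below passes Z_STRVAL_PP(z_timezone) to timezone_initialize with the same missing type check. The function starts and ends outside the hunk, so a FAILURE return is assumed from the SUCCESS convention visible here.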

