[PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard var_unserializer.c var_unserializer.re /ext/standard/tests/serialize unserializeS.phpt
dmitry Mon Jul 9 14:31:56 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/standard var_unserializer.c var_unserializer.re /php-src/ext/standard/tests/serialize unserializeS.phpt Log: Proper fix for MOPB-29 http://cvs.php.net/viewvc.cgi/php-src/ext/standard/var_unserializer.c?r1=1.70.2.4.2.5r2=1.70.2.4.2.6diff_format=u
Index: php-src/ext/standard/var_unserializer.c
diff -u php-src/ext/standard/var_unserializer.c:1.70.2.4.2.5 php-src/ext/standard/var_unserializer.c:1.70.2.4.2.6
--- php-src/ext/standard/var_unserializer.c:1.70.2.4.2.5Tue Mar 27 09:29:10 2007
+++ php-src/ext/standard/var_unserializer.c Mon Jul 9 14:31:56 2007
@@ -18,7 +18,7 @@
 +--+
 */
-/* $Id: var_unserializer.c,v 1.70.2.4.2.5 2007/03/27 09:29:10 tony2001 Exp $ */
+/* $Id: var_unserializer.c,v 1.70.2.4.2.6 2007/07/09 14:31:56 dmitry Exp $ */
 #include php.h
 #include ext/standard/php_var.h
@@ -140,18 +140,22 @@
 /* }}} */
-static char *unserialize_str(const unsigned char **p, size_t *len)
+static char *unserialize_str(const unsigned char **p, size_t *len, size_t maxlen)
 {
 size_t i, j;
 char *str = safe_emalloc(*len, 1, 1);
- unsigned char *end = *(unsigned char **)p+*len;
+ unsigned char *end = *(unsigned char **)p+maxlen;
 if(end *p) {
 efree(str);
 return NULL;
 }
- for (i = 0; i *len *p end; i++) {
+ for (i = 0; i *len; i++) {
+ if (*p = end) {
+ efree(str);
+ return NULL;
+ }
 if (**p != '\\') {
 str[i] = (char)**p;
 } else {
@@ -757,7 +761,7 @@
 return 0;
 }
- if ((str = unserialize_str(YYCURSOR, len)) == NULL) {
+ if ((str = unserialize_str(YYCURSOR, len, maxlen)) == NULL) {
 return 0;
 }
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/var_unserializer.re?r1=1.52.2.2.2.3r2=1.52.2.2.2.4diff_format=u
Index: php-src/ext/standard/var_unserializer.re
diff -u php-src/ext/standard/var_unserializer.re:1.52.2.2.2.3 php-src/ext/standard/var_unserializer.re:1.52.2.2.2.4
--- php-src/ext/standard/var_unserializer.re:1.52.2.2.2.3 Tue Mar 27 09:29:10 2007
+++ php-src/ext/standard/var_unserializer.reMon Jul 9 14:31:56 2007
@@ -16,7 +16,7 @@
 +--+
 */
-/* $Id: var_unserializer.re,v 1.52.2.2.2.3 2007/03/27 09:29:10 tony2001 Exp $ */
+/* $Id: var_unserializer.re,v 1.52.2.2.2.4 2007/07/09 14:31:56 dmitry Exp $ */
 #include php.h
 #include ext/standard/php_var.h
@@ -138,18 +138,22 @@
 /* }}} */
-static char *unserialize_str(const unsigned char **p, size_t *len)
+static char *unserialize_str(const unsigned char **p, size_t *len, size_t maxlen)
 {
 size_t i, j;
 char *str = safe_emalloc(*len, 1, 1);
- unsigned char *end = *(unsigned char **)p+*len;
+ unsigned char *end = *(unsigned char **)p+maxlen;
 if(end *p) {
 efree(str);
 return NULL;
 }
- for (i = 0; i *len *p end; i++) {
+ for (i = 0; i *len; i++) {
+ if (*p = end) {
+ efree(str);
+ return NULL;
+ }
 if (**p != '\\') {
 str[i] = (char)**p;
 } else {
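Review bot: The bound check added at the top of the loop in the `var_unserializer.re` hunk at `@@ -138,18 +138,22 @@` (rendered here as `if (*p = end)`, the archive having apparently dropped the comparison character) covers only the byte at `*p`, while the `else` branch that opens on the hunk's last line handles a backslash escape. That branch's body lies outside the hunk; if it advances `*p` over the hex digits that follow the backslash, those reads are not re-checked against `end`, so a guard such as `if (end - *p < 3) { efree(str); return NULL; }` belongs at the top of the branch. `safe_emalloc(*len, 1, 1)` also still runs before any validation, so the buffer is sized from the declared length; rejecting `*len > maxlen` before allocating would remove the allocate-then-free path, unless the caller already guarantees it. The generated `var_unserializer.c` hunk at `@@ -140,18 +140,22 @@` carries the same code and would pick up the change on regeneration.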
@@ -525,7 +529,7 @@
 return 0;
 }
- if ((str = unserialize_str(YYCURSOR, len)) == NULL) {
+ if ((str = unserialize_str(YYCURSOR, len, maxlen)) == NULL) {
 return 0;
 }
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/serialize/unserializeS.phpt?r1=1.1.2.1r2=1.1.2.2diff_format=u
Index: php-src/ext/standard/tests/serialize/unserializeS.phpt
diff -u php-src/ext/standard/tests/serialize/unserializeS.phpt:1.1.2.1 php-src/ext/standard/tests/serialize/unserializeS.phpt:1.1.2.2
--- php-src/ext/standard/tests/serialize/unserializeS.phpt:1.1.2.1 Fri Mar 23 20:15:22 2007
+++ php-src/ext/standard/tests/serialize/unserializeS.phpt Mon Jul 9 14:31:56 2007
@@ -11,4 +11,4 @@
 var_dump($data);
 --EXPECT--
-string(100)
+bool(false)
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
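Review bot: The only expectation visible in the `unserializeS.phpt` hunk after this change is the rejection path, `bool(false)` replacing `string(100)`, so nothing here pins that a well-formed `S:` value with backslash escapes still decodes under the new `maxlen` bound. The test body above line 11 is outside the hunk and may already cover it; if it does not, add a positive case next to the malformed one, for example (constructed sample) `var_dump(unserialize('S:1:"\61";'));` with `string(1) "a"` in `--EXPECT--`. Keeping both cases together guards against a bounds fix that is too strict as well as one that is too loose.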
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard var_unserializer.c var_unserializer.re /ext/standard/tests/serialize unserializeS.phpt
stasFri Mar 23 20:15:22 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/standard/tests/serialize unserializeS.phpt Modified files: /php-src/ext/standard var_unserializer.c var_unserializer.re Log: fix MOPB-29 - unserialize modifier S does not calculate length correctly # reported by Stefan Esser http://cvs.php.net/viewvc.cgi/php-src/ext/standard/var_unserializer.c?r1=1.70.2.4.2.2r2=1.70.2.4.2.3diff_format=u
Index: php-src/ext/standard/var_unserializer.c
diff -u php-src/ext/standard/var_unserializer.c:1.70.2.4.2.2 php-src/ext/standard/var_unserializer.c:1.70.2.4.2.3
--- php-src/ext/standard/var_unserializer.c:1.70.2.4.2.2Mon Jan 1 09:36:09 2007
+++ php-src/ext/standard/var_unserializer.c Fri Mar 23 20:15:21 2007
@@ -1,10 +1,10 @@
-/* Generated by re2c 0.9.12 on Thu Dec 14 15:59:31 2006 */
+/* Generated by re2c 0.11.2 on Fri Mar 23 13:13:16 2007 */
 #line 1 ext/standard/var_unserializer.re
 /*
 +--+
 | PHP Version 5|
 +--+
- | Copyright (c) 1997-2007 The PHP Group|
+ | Copyright (c) 1997-2006 The PHP Group|
 +--+
 | This source file is subject to version 3.01 of the PHP license, |
 | that is bundled with this package in the file LICENSE, and is|
@@ -18,7 +18,7 @@
 +--+
 */
-/* $Id: var_unserializer.c,v 1.70.2.4.2.2 2007/01/01 09:36:09 sebastian Exp $ */
+/* $Id: var_unserializer.c,v 1.70.2.4.2.3 2007/03/23 20:15:21 stas Exp $ */
 #include php.h
 #include ext/standard/php_var.h
@@ -140,12 +140,18 @@
 /* }}} */
-static char *unserialize_str(const unsigned char **p, int len)
+static char *unserialize_str(const unsigned char **p, size_t *len)
 {
- int i, j;
- char *str = emalloc(len+1);
+ size_t i, j;
+ char *str = safe_emalloc(*len, 1, 1);
+ unsigned char *end = *p+*len;
- for (i = 0; i len; i++) {
+ if(end *p) {
+ efree(str);
+ return NULL;
+ }
+
+ for (i = 0; i *len *p end; i++) {
 if (**p != '\\') {
 str[i] = (char)**p;
 } else {
@@ -169,6 +175,7 @@
 (*p)++;
 }
 str[i] = 0;
+ *len = i;
 return str;
 }
@@ -179,7 +186,7 @@ #define YYMARKER marker -#line 187 ext/standard/var_unserializer.re +#line 194 ext/standard/var_unserializer.re @@ -386,53 +393,16 @@ -{ - static unsigned char yybm[] = { - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 128, 128, 128, 128, 128, 128, 128, 128, - 128, 128, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - }; -#line 426 ext/standard/var_unserializer.c +#line 398 stdout { YYCTYPE yych; - unsigned int yyaccept = 0; - goto yy0; - ++YYCURSOR; -yy0: + if((YYLIMIT - YYCURSOR) 7) YYFILL(7); yych = *YYCURSOR; - switch(yych){ - case 'C': case 'O': goto yy13; + switch(yych) { + case 'C': + case 'O': goto yy13; case 'N': goto yy5; case 'R': goto yy2; case 'S': goto yy10; @@ -446,97 +416,150 @@ case '}':