[PHP-CVS] com php-src: Fixed bug #62852 Unserialize Invalid Date crash: NEWS ext/date/php_date.c ext/date/tests/bug62852.phpt ext/date/tests/bug62852_var2.phpt ext/date/tests/bug62852_var3.phpt

Fri, 15 Mar 2013 13:31:30 -0700 

Commit:    f8b91d9acff10ede7bd3f2bc631794a3abef8ff7
Author:    Anatol Belski <a...@php.net>         Fri, 15 Mar 2013 21:22:35 +0100
Parents:   b1dbfb73571b051fef055dc371e05163cf73eb8b
Branches:  PHP-5.5 master

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=f8b91d9acff10ede7bd3f2bc631794a3abef8ff7

Log:
Fixed bug #62852 Unserialize Invalid Date crash

Error handling is the same as in bug #53437, E_ERROR if we
expect an invalid object.

Bugs:
https://bugs.php.net/62852
https://bugs.php.net/53437

Changed paths:
  M  NEWS
  M  ext/date/php_date.c
  M  ext/date/tests/bug62852.phpt
  A  ext/date/tests/bug62852_var2.phpt
  A  ext/date/tests/bug62852_var3.phpt


Diff:
diff --git a/NEWS b/NEWS
index 9dc334d..46e69d6 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,7 @@ PHP                                                           
             NEWS
 - DateTime
   . Fixed bug #53437 (Crash when using unserialized DatePeriod instance).
     (Gustavo, Derick, Anatol)
+  . Fixed bug #62852 (Unserialize Invalid Date causes crash). (Anatol)
 
 07 Mar 2013, PHP 5.5.0 Alpha 6
 
diff --git a/ext/date/php_date.c b/ext/date/php_date.c
index 5224123..b454dd0 100644
--- a/ext/date/php_date.c
+++ b/ext/date/php_date.c
@@ -2674,13 +2674,15 @@ static int php_date_initialize_from_hash(zval 
**return_value, php_date_obj **dat
                                        case TIMELIB_ZONETYPE_OFFSET:
                                        case TIMELIB_ZONETYPE_ABBR: {
                                                char *tmp = 
emalloc(Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 2);
+                                               int ret;
                                                snprintf(tmp, 
Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 2, "%s %s", 
Z_STRVAL_PP(z_date), Z_STRVAL_PP(z_timezone));
-                                               php_date_initialize(*dateobj, 
tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 1, NULL, NULL, 0 
TSRMLS_CC);
+                                               ret = 
php_date_initialize(*dateobj, tmp, Z_STRLEN_PP(z_date) + 
Z_STRLEN_PP(z_timezone) + 1, NULL, NULL, 0 TSRMLS_CC);
                                                efree(tmp);
-                                               return 1;
+                                               return 1 == ret;
                                        }
 
-                                       case TIMELIB_ZONETYPE_ID:
+                                       case TIMELIB_ZONETYPE_ID: {
+                                               int ret;
                                                convert_to_string(*z_timezone);
 
                                                tzi = 
php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC);
@@ -2691,9 +2693,10 @@ static int php_date_initialize_from_hash(zval 
**return_value, php_date_obj **dat
                                                tzobj->tzi.tz = tzi;
                                                tzobj->initialized = 1;
 
-                                               php_date_initialize(*dateobj, 
Z_STRVAL_PP(z_date), Z_STRLEN_PP(z_date), NULL, tmp_obj, 0 TSRMLS_CC);
+                                               ret = 
php_date_initialize(*dateobj, Z_STRVAL_PP(z_date), Z_STRLEN_PP(z_date), NULL, 
tmp_obj, 0 TSRMLS_CC);
                                                zval_ptr_dtor(&tmp_obj);
-                                               return 1;
+                                               return 1 == ret;
+                                       }
                                }
                        }
                }
@@ -2717,7 +2720,9 @@ PHP_METHOD(DateTime, __set_state)
 
        php_date_instantiate(date_ce_date, return_value TSRMLS_CC);
        dateobj = (php_date_obj *) zend_object_store_get_object(return_value 
TSRMLS_CC);
-       php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC);
+       if (!php_date_initialize_from_hash(&return_value, &dateobj, myht 
TSRMLS_CC)) {
+               php_error(E_ERROR, "Invalid serialization data for DateTime 
object");
+       }
 }
 /* }}} */
 
@@ -2737,7 +2742,9 @@ PHP_METHOD(DateTimeImmutable, __set_state)
 
        php_date_instantiate(date_ce_immutable, return_value TSRMLS_CC);
        dateobj = (php_date_obj *) zend_object_store_get_object(return_value 
TSRMLS_CC);
-       php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC);
+       if (!php_date_initialize_from_hash(&return_value, &dateobj, myht 
TSRMLS_CC)) {
+               php_error(E_ERROR, "Invalid serialization data for 
DateTimeImmutable object");
+       }
 }
 /* }}} */
 
@@ -2753,7 +2760,9 @@ PHP_METHOD(DateTime, __wakeup)
 
        myht = Z_OBJPROP_P(object);
 
-       php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC);
+       if (!php_date_initialize_from_hash(&return_value, &dateobj, myht 
TSRMLS_CC)) {
+               php_error(E_ERROR, "Invalid serialization data for DateTime 
object");
+       }
 }
 /* }}} */
 
diff --git a/ext/date/tests/bug62852.phpt b/ext/date/tests/bug62852.phpt
index 26de510..7013a3f 100644
--- a/ext/date/tests/bug62852.phpt
+++ b/ext/date/tests/bug62852.phpt
@@ -1,36 +1,14 @@
 --TEST--
-Bug #62852 (Unserialize invalid DateTime causes crash)
+Bug #62852 (Unserialize invalid DateTime causes crash), variation 1
 --INI--
 date.timezone=GMT
---XFAIL--
-bug is not fixed yet
 --FILE--
 <?php
 $s1 = 'O:8:"DateTime":3:{s:4:"date";s:20:"10007-06-07 
03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
-$s2 = 'O:3:"Foo":3:{s:4:"date";s:20:"10007-06-07 
03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
 
-global $foo;
-
-class Foo extends DateTime {
-    function __wakeup() {
-        global $foo;
-        $foo = $this;
-        parent::__wakeup();
-    }
-}
-
-// Old test case
 try {
     unserialize( $s1 );
 } catch ( Exception $e ) {}
 
-// My test case
-try {
-    unserialize( $s2 );
-} catch ( Exception $e ) {}
-var_dump( $foo );
-
-echo "okey";
-?>
 --EXPECTF--
-okey
+Fatal error: Invalid serialization data for DateTime object in %sbug62852.php 
on line %d
diff --git a/ext/date/tests/bug62852_var2.phpt 
b/ext/date/tests/bug62852_var2.phpt
new file mode 100644
index 0000000..f93ba28
--- /dev/null
+++ b/ext/date/tests/bug62852_var2.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Bug #62852 (Unserialize invalid DateTime causes crash), variation 2
+--INI--
+date.timezone=GMT
+--FILE--
+<?php
+$s2 = 'O:3:"Foo":3:{s:4:"date";s:20:"10007-06-07 
03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
+
+global $foo;
+
+class Foo extends DateTime {
+    function __wakeup() {
+        global $foo;
+        $foo = $this;
+        parent::__wakeup();
+    }
+}
+
+try {
+    unserialize( $s2 );
+} catch ( Exception $e ) {}
+var_dump( $foo );
+
+--EXPECTF--
+Fatal error: Invalid serialization data for DateTime object in 
%sbug62852_var2.php on line %d
diff --git a/ext/date/tests/bug62852_var3.phpt 
b/ext/date/tests/bug62852_var3.phpt
new file mode 100644
index 0000000..5a644b5
--- /dev/null
+++ b/ext/date/tests/bug62852_var3.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Bug #62852 (Unserialize invalid DateTime causes crash), variation 3
+--INI--
+date.timezone=GMT
+--FILE--
+<?php
+$s2 = 'O:3:"Foo":3:{s:4:"date";s:19:"0000-00-00 
00:00:00";s:13:"timezone_type";i:0;s:8:"timezone";s:3:"UTC";}';
+
+global $foo;
+
+class Foo extends DateTime {
+    function __wakeup() {
+        global $foo;
+        $foo = $this;
+        parent::__wakeup();
+    }
+}
+
+try {
+    unserialize( $s2 );
+} catch ( Exception $e ) {}
+var_dump( $foo );
+
+--EXPECTF--
+Fatal error: Invalid serialization data for DateTime object in 
%sbug62852_var3.php on line %d


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to