Commit: f8b91d9acff10ede7bd3f2bc631794a3abef8ff7 Author: Anatol Belski <a...@php.net> Fri, 15 Mar 2013 21:22:35 +0100 Parents: b1dbfb73571b051fef055dc371e05163cf73eb8b Branches: PHP-5.5 master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=f8b91d9acff10ede7bd3f2bc631794a3abef8ff7 Log: Fixed bug #62852 Unserialize Invalid Date crash Error handling is the same as in bug #53437, E_ERROR if we expect an invalid object. Bugs: https://bugs.php.net/62852 https://bugs.php.net/53437 Changed paths: M NEWS M ext/date/php_date.c M ext/date/tests/bug62852.phpt A ext/date/tests/bug62852_var2.phpt A ext/date/tests/bug62852_var3.phpt Diff: diff --git a/NEWS b/NEWS index 9dc334d..46e69d6 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,7 @@ PHP NEWS - DateTime . Fixed bug #53437 (Crash when using unserialized DatePeriod instance). (Gustavo, Derick, Anatol) + . Fixed bug #62852 (Unserialize Invalid Date causes crash). (Anatol) 07 Mar 2013, PHP 5.5.0 Alpha 6 diff --git a/ext/date/php_date.c b/ext/date/php_date.c index 5224123..b454dd0 100644 --- a/ext/date/php_date.c +++ b/ext/date/php_date.c @@ -2674,13 +2674,15 @@ static int php_date_initialize_from_hash(zval **return_value, php_date_obj **dat case TIMELIB_ZONETYPE_OFFSET: case TIMELIB_ZONETYPE_ABBR: { char *tmp = emalloc(Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 2); + int ret; snprintf(tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 2, "%s %s", Z_STRVAL_PP(z_date), Z_STRVAL_PP(z_timezone)); - php_date_initialize(*dateobj, tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 1, NULL, NULL, 0 TSRMLS_CC); + ret = php_date_initialize(*dateobj, tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 1, NULL, NULL, 0 TSRMLS_CC); efree(tmp); - return 1; + return 1 == ret; } - case TIMELIB_ZONETYPE_ID: + case TIMELIB_ZONETYPE_ID: { + int ret; convert_to_string(*z_timezone); tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC); @@ -2691,9 +2693,10 @@ static int php_date_initialize_from_hash(zval **return_value, php_date_obj **dat tzobj->tzi.tz = tzi; tzobj->initialized = 1; - php_date_initialize(*dateobj, Z_STRVAL_PP(z_date), Z_STRLEN_PP(z_date), NULL, tmp_obj, 0 TSRMLS_CC); + ret = php_date_initialize(*dateobj, Z_STRVAL_PP(z_date), Z_STRLEN_PP(z_date), NULL, tmp_obj, 0 TSRMLS_CC); zval_ptr_dtor(&tmp_obj); - return 1; + return 1 == ret; + } } } } @@ -2717,7 +2720,9 @@ PHP_METHOD(DateTime, __set_state) php_date_instantiate(date_ce_date, return_value TSRMLS_CC); dateobj = (php_date_obj *) zend_object_store_get_object(return_value TSRMLS_CC); - php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC); + if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) { + php_error(E_ERROR, "Invalid serialization data for DateTime object"); + } } /* }}} */ @@ -2737,7 +2742,9 @@ PHP_METHOD(DateTimeImmutable, __set_state) php_date_instantiate(date_ce_immutable, return_value TSRMLS_CC); dateobj = (php_date_obj *) zend_object_store_get_object(return_value TSRMLS_CC); - php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC); + if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) { + php_error(E_ERROR, "Invalid serialization data for DateTimeImmutable object"); + } } /* }}} */ @@ -2753,7 +2760,9 @@ PHP_METHOD(DateTime, __wakeup) myht = Z_OBJPROP_P(object); - php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC); + if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) { + php_error(E_ERROR, "Invalid serialization data for DateTime object"); + } } /* }}} */ diff --git a/ext/date/tests/bug62852.phpt b/ext/date/tests/bug62852.phpt index 26de510..7013a3f 100644 --- a/ext/date/tests/bug62852.phpt +++ b/ext/date/tests/bug62852.phpt @@ -1,36 +1,14 @@ --TEST-- -Bug #62852 (Unserialize invalid DateTime causes crash) +Bug #62852 (Unserialize invalid DateTime causes crash), variation 1 --INI-- date.timezone=GMT ---XFAIL-- -bug is not fixed yet --FILE-- <?php $s1 = 'O:8:"DateTime":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}'; -$s2 = 'O:3:"Foo":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}'; -global $foo; - -class Foo extends DateTime { - function __wakeup() { - global $foo; - $foo = $this; - parent::__wakeup(); - } -} - -// Old test case try { unserialize( $s1 ); } catch ( Exception $e ) {} -// My test case -try { - unserialize( $s2 ); -} catch ( Exception $e ) {} -var_dump( $foo ); - -echo "okey"; -?> --EXPECTF-- -okey +Fatal error: Invalid serialization data for DateTime object in %sbug62852.php on line %d diff --git a/ext/date/tests/bug62852_var2.phpt b/ext/date/tests/bug62852_var2.phpt new file mode 100644 index 0000000..f93ba28 --- /dev/null +++ b/ext/date/tests/bug62852_var2.phpt @@ -0,0 +1,25 @@ +--TEST-- +Bug #62852 (Unserialize invalid DateTime causes crash), variation 2 +--INI-- +date.timezone=GMT +--FILE-- +<?php +$s2 = 'O:3:"Foo":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}'; + +global $foo; + +class Foo extends DateTime { + function __wakeup() { + global $foo; + $foo = $this; + parent::__wakeup(); + } +} + +try { + unserialize( $s2 ); +} catch ( Exception $e ) {} +var_dump( $foo ); + +--EXPECTF-- +Fatal error: Invalid serialization data for DateTime object in %sbug62852_var2.php on line %d diff --git a/ext/date/tests/bug62852_var3.phpt b/ext/date/tests/bug62852_var3.phpt new file mode 100644 index 0000000..5a644b5 --- /dev/null +++ b/ext/date/tests/bug62852_var3.phpt @@ -0,0 +1,25 @@ +--TEST-- +Bug #62852 (Unserialize invalid DateTime causes crash), variation 3 +--INI-- +date.timezone=GMT +--FILE-- +<?php +$s2 = 'O:3:"Foo":3:{s:4:"date";s:19:"0000-00-00 00:00:00";s:13:"timezone_type";i:0;s:8:"timezone";s:3:"UTC";}'; + +global $foo; + +class Foo extends DateTime { + function __wakeup() { + global $foo; + $foo = $this; + parent::__wakeup(); + } +} + +try { + unserialize( $s2 ); +} catch ( Exception $e ) {} +var_dump( $foo ); + +--EXPECTF-- +Fatal error: Invalid serialization data for DateTime object in %sbug62852_var3.php on line %d -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php