tests bug42189.phpt

Ilia Alshanetsky Tue, 18 Sep 2007 12:50:09 -0700

iliaa           Tue Sep 18 19:49:54 2007 UTC

  Added files:                 (Branch: PHP_5_2)
    /php-src/ext/xmlrpc/tests   bug42189.phpt


  Modified files:              
    /php-src/ext/xmlrpc xmlrpc-epi-php.c 
    /php-src/ext/xmlrpc/libxmlrpc       xmlrpc.c 
    /php-src    NEWS 
  Log:
  
  Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime
    values).
  
http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/xmlrpc-epi-php.c?r1=1.39.2.5.2.5&r2=1.39.2.5.2.6&diff_format=u
Index: php-src/ext/xmlrpc/xmlrpc-epi-php.c
diff -u php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.39.2.5.2.5 
php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.39.2.5.2.6
--- php-src/ext/xmlrpc/xmlrpc-epi-php.c:1.39.2.5.2.5    Fri Jan 12 12:32:15 2007
+++ php-src/ext/xmlrpc/xmlrpc-epi-php.c Tue Sep 18 19:49:53 2007
@@ -51,7 +51,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: xmlrpc-epi-php.c,v 1.39.2.5.2.5 2007/01/12 12:32:15 tony2001 Exp $ */
+/* $Id: xmlrpc-epi-php.c,v 1.39.2.5.2.6 2007/09/18 19:49:53 iliaa Exp $ */
 
 /**********************************************************************
 * BUGS:                                                               *
@@ -1325,9 +1325,13 @@
                   if(SUCCESS == zend_hash_update(Z_OBJPROP_P(value), 
OBJECT_TYPE_ATTR, sizeof(OBJECT_TYPE_ATTR), (void *) &type, sizeof(zval *), 
NULL)) {
                      bSuccess = zend_hash_update(Z_OBJPROP_P(value), 
OBJECT_VALUE_TS_ATTR, sizeof(OBJECT_VALUE_TS_ATTR), (void *) &ztimestamp, 
sizeof(zval *), NULL);
                   }
-               }
+               } else {
+                       zval_ptr_dtor(&type);
+              }
                XMLRPC_CleanupValue(v);
-            }
+            } else {
+               zval_ptr_dtor(&type);
+           }
          }
          else {
             convert_to_object(value);
http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c?r1=1.8.4.2&r2=1.8.4.3&diff_format=u
Index: php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c
diff -u php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.8.4.2 
php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.8.4.3
--- php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c:1.8.4.2       Thu Jun  7 09:07:36 2007
+++ php-src/ext/xmlrpc/libxmlrpc/xmlrpc.c       Tue Sep 18 19:49:53 2007
@@ -31,7 +31,7 @@
 */
 
 
-static const char rcsid[] = "#(@) $Id: xmlrpc.c,v 1.8.4.2 2007/06/07 09:07:36 
tony2001 Exp $";
+static const char rcsid[] = "#(@) $Id: xmlrpc.c,v 1.8.4.3 2007/09/18 19:49:53 
iliaa Exp $";
 
 
 /****h* ABOUT/xmlrpc
@@ -43,6 +43,11 @@
  *   9/1999 - 10/2000
  * HISTORY
  *   $Log: xmlrpc.c,v $
+ *   Revision 1.8.4.3  2007/09/18 19:49:53  iliaa
+ *
+ *   Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime
+ *     values).
+ *
  *   Revision 1.8.4.2  2007/06/07 09:07:36  tony2001
  *   MFH: php_localtime_r() checks
  *
@@ -176,7 +181,7 @@
                        }
                        p++;
                }
-               text = buf;
+                       text = buf;
        }
 
 
@@ -186,15 +191,19 @@
       return -1;
    }
 
+#define XMLRPC_IS_NUMBER(x) if (x < '0' || x > '9') return -1;
+
    n = 1000;
    tm.tm_year = 0;
    for(i = 0; i < 4; i++) {
+      XMLRPC_IS_NUMBER(text[i])
       tm.tm_year += (text[i]-'0')*n;
       n /= 10;
    }
    n = 10;
    tm.tm_mon = 0;
    for(i = 0; i < 2; i++) {
+      XMLRPC_IS_NUMBER(text[i])
       tm.tm_mon += (text[i+4]-'0')*n;
       n /= 10;
    }
@@ -203,6 +212,7 @@
    n = 10;
    tm.tm_mday = 0;
    for(i = 0; i < 2; i++) {
+      XMLRPC_IS_NUMBER(text[i])
       tm.tm_mday += (text[i+6]-'0')*n;
       n /= 10;
    }
@@ -210,6 +220,7 @@
    n = 10;
    tm.tm_hour = 0;
    for(i = 0; i < 2; i++) {
+      XMLRPC_IS_NUMBER(text[i])
       tm.tm_hour += (text[i+9]-'0')*n;
       n /= 10;
    }
@@ -217,6 +228,7 @@
    n = 10;
    tm.tm_min = 0;
    for(i = 0; i < 2; i++) {
+      XMLRPC_IS_NUMBER(text[i])
       tm.tm_min += (text[i+12]-'0')*n;
       n /= 10;
    }
@@ -224,6 +236,7 @@
    n = 10;
    tm.tm_sec = 0;
    for(i = 0; i < 2; i++) {
+      XMLRPC_IS_NUMBER(text[i])
       tm.tm_sec += (text[i+15]-'0')*n;
       n /= 10;
    }
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.953&r2=1.2027.2.547.2.954&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.953 php-src/NEWS:1.2027.2.547.2.954
--- php-src/NEWS:1.2027.2.547.2.953     Tue Sep 18 09:25:03 2007
+++ php-src/NEWS        Tue Sep 18 19:49:53 2007
@@ -50,6 +50,8 @@
 - Fixed bug #42359 (xsd:list type not parsed). (Dmitry)
 - Fixed bug #42326 (SoapServer crash). (Dmitry)
 - Fixed bug #42214 (SoapServer sends clients internal PHP errors). (Dmitry)
+- Fixed bug #42189 (xmlrpc_set_type() crashes php on invalid datetime
+  values). (Ilia)
 - Fixed bug #42086 (SoapServer return Procedure '' not present for WSIBasic
   compliant wsdl). (Dmitry)
 - Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be 
overwritten

http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/tests/bug42189.phpt?view=markup&rev=1.1
Index: php-src/ext/xmlrpc/tests/bug42189.phpt
+++ php-src/ext/xmlrpc/tests/bug42189.phpt

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/xmlrpc xmlrpc-epi-php.c /ext/xmlrpc/libxmlrpc xmlrpc.c /ext/xmlrpc/tests bug42189.phpt

Reply via email to