diff options
| author | Anatol Belski <ab@php.net> | 2014-04-18 15:13:32 +0200 |
|---|---|---|
| committer | Anatol Belski <ab@php.net> | 2014-04-18 15:13:32 +0200 |
| commit | c2acdbdd3deb6787329bf0aca8ab0c04ace2a50c (patch) | |
| tree | 3d85d0907c08bdd6e3c686636a2da77ccf54a048 | |
| parent | 6e1e98d7b833492594aea9cf416905b42f8ee0f4 (diff) | |
| download | php-git-c2acdbdd3deb6787329bf0aca8ab0c04ace2a50c.tar.gz | |
Improved the fix for bug #67072, thanks Nikita
| -rw-r--r-- | ext/standard/tests/serialize/005.phpt | 9 | ||||
| -rw-r--r-- | ext/standard/tests/serialize/bug67072.phpt | 9 | ||||
| -rw-r--r-- | ext/standard/var_unserializer.c | 69 | ||||
| -rw-r--r-- | ext/standard/var_unserializer.re | 7 |
4 files changed, 50 insertions, 44 deletions
diff --git a/ext/standard/tests/serialize/005.phpt b/ext/standard/tests/serialize/005.phpt index 87a3fb3ab7..2df270154d 100644 --- a/ext/standard/tests/serialize/005.phpt +++ b/ext/standard/tests/serialize/005.phpt @@ -156,10 +156,11 @@ object(TestNAOld)#%d (0) { } ===NANew=== unserializer(TestNANew) -TestNew::unserialize() -TestNew::__wakeup() -object(TestNANew)#%d (0) { -} + +Warning: Erroneous data format for unserializing 'TestNANew' in %s005.php on line %d + +Notice: unserialize(): Error at offset 19 of 20 bytes in %s005.php on line %d +bool(false) ===NANew2=== unserializer(TestNANew2) TestNew::unserialize() diff --git a/ext/standard/tests/serialize/bug67072.phpt b/ext/standard/tests/serialize/bug67072.phpt index 3e7d33ba8a..951db75a07 100644 --- a/ext/standard/tests/serialize/bug67072.phpt +++ b/ext/standard/tests/serialize/bug67072.phpt @@ -6,8 +6,7 @@ Bug #67072 Echoing unserialized "SplFileObject" crash ?> ===DONE== --EXPECTF-- -Fatal error: Uncaught exception 'Exception' with message 'Unserialization of 'SplFileObject' is not allowed' in %sbug67072.php:2 -Stack trace: -#0 %sbug67072.php(2): unserialize('O:13:"SplFileOb...') -#1 {main} - thrown in %sbug67072.php on line 2 +Warning: Erroneous data format for unserializing 'SplFileObject' in %sbug67072.php on line %d + +Notice: unserialize(): Error at offset 24 of 64 bytes in %sbug67072.php on line %d +===DONE== diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c index 8db00c239f..003bac9547 100644 --- a/ext/standard/var_unserializer.c +++ b/ext/standard/var_unserializer.c @@ -1,4 +1,4 @@ -/* Generated by re2c 0.13.5 on Thu Apr 17 10:03:26 2014 */ +/* Generated by re2c 0.13.5 on Fri Apr 18 15:07:27 2014 */ #line 1 "ext/standard/var_unserializer.re" /* +----------------------------------------------------------------------+ @@ -396,9 +396,12 @@ static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce) (*p) += 2; - if (ce->unserialize == NULL) { + if (ce->serialize == NULL) { object_init_ex(*rval, ce); - } else if (ce->unserialize(rval, ce, (const unsigned char*)*p, elements, (zend_unserialize_data *)var_hash TSRMLS_CC) != SUCCESS) { + } else { + /* If this class implements Serializable, it should not land here but in object_custom(). The passed string + obviously doesn't descend from the regular serializer. */ + zend_error(E_WARNING, "Erroneous data format for unserializing '%s'", ce->name); return 0; } @@ -466,7 +469,7 @@ PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER) -#line 470 "ext/standard/var_unserializer.c" +#line 473 "ext/standard/var_unserializer.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@ -526,9 +529,9 @@ yy2: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy95; yy3: -#line 821 "ext/standard/var_unserializer.re" +#line 824 "ext/standard/var_unserializer.re" { return 0; } -#line 532 "ext/standard/var_unserializer.c" +#line 535 "ext/standard/var_unserializer.c" yy4: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy89; @@ -571,13 +574,13 @@ yy13: goto yy3; yy14: ++YYCURSOR; -#line 815 "ext/standard/var_unserializer.re" +#line 818 "ext/standard/var_unserializer.re" { /* this is the case where we have less data than planned */ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data"); return 0; /* not sure if it should be 0 or 1 here? */ } -#line 581 "ext/standard/var_unserializer.c" +#line 584 "ext/standard/var_unserializer.c" yy16: yych = *++YYCURSOR; goto yy3; @@ -607,7 +610,7 @@ yy20: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 669 "ext/standard/var_unserializer.re" +#line 672 "ext/standard/var_unserializer.re" { size_t len, len2, len3, maxlen; long elements; @@ -753,7 +756,7 @@ yy20: return object_common2(UNSERIALIZE_PASSTHRU, elements); } -#line 757 "ext/standard/var_unserializer.c" +#line 760 "ext/standard/var_unserializer.c" yy25: yych = *++YYCURSOR; if (yych <= ',') { @@ -778,7 +781,7 @@ yy27: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 661 "ext/standard/var_unserializer.re" +#line 664 "ext/standard/var_unserializer.re" { INIT_PZVAL(*rval); @@ -786,7 +789,7 @@ yy27: return object_common2(UNSERIALIZE_PASSTHRU, object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR)); } -#line 790 "ext/standard/var_unserializer.c" +#line 793 "ext/standard/var_unserializer.c" yy32: yych = *++YYCURSOR; if (yych == '+') goto yy33; @@ -807,7 +810,7 @@ yy34: yych = *++YYCURSOR; if (yych != '{') goto yy18; ++YYCURSOR; -#line 641 "ext/standard/var_unserializer.re" +#line 644 "ext/standard/var_unserializer.re" { long elements = parse_iv(start + 2); /* use iv() not uiv() in order to check data range */ @@ -827,7 +830,7 @@ yy34: return finish_nested_data(UNSERIALIZE_PASSTHRU); } -#line 831 "ext/standard/var_unserializer.c" +#line 834 "ext/standard/var_unserializer.c" yy39: yych = *++YYCURSOR; if (yych == '+') goto yy40; @@ -848,7 +851,7 @@ yy41: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 612 "ext/standard/var_unserializer.re" +#line 615 "ext/standard/var_unserializer.re" { size_t len, maxlen; char *str; @@ -877,7 +880,7 @@ yy41: ZVAL_STRINGL(*rval, str, len, 0); return 1; } -#line 881 "ext/standard/var_unserializer.c" +#line 884 "ext/standard/var_unserializer.c" yy46: yych = *++YYCURSOR; if (yych == '+') goto yy47; @@ -898,7 +901,7 @@ yy48: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 584 "ext/standard/var_unserializer.re" +#line 587 "ext/standard/var_unserializer.re" { size_t len, maxlen; char *str; @@ -926,7 +929,7 @@ yy48: ZVAL_STRINGL(*rval, str, len, 1); return 1; } -#line 930 "ext/standard/var_unserializer.c" +#line 933 "ext/standard/var_unserializer.c" yy53: yych = *++YYCURSOR; if (yych <= '/') { @@ -1014,7 +1017,7 @@ yy61: } yy63: ++YYCURSOR; -#line 574 "ext/standard/var_unserializer.re" +#line 577 "ext/standard/var_unserializer.re" { #if SIZEOF_LONG == 4 use_double: @@ -1024,7 +1027,7 @@ use_double: ZVAL_DOUBLE(*rval, zend_strtod((const char *)start + 2, NULL)); return 1; } -#line 1028 "ext/standard/var_unserializer.c" +#line 1031 "ext/standard/var_unserializer.c" yy65: yych = *++YYCURSOR; if (yych <= ',') { @@ -1083,7 +1086,7 @@ yy73: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; -#line 559 "ext/standard/var_unserializer.re" +#line 562 "ext/standard/var_unserializer.re" { *p = YYCURSOR; INIT_PZVAL(*rval); @@ -1098,7 +1101,7 @@ yy73: return 1; } -#line 1102 "ext/standard/var_unserializer.c" +#line 1105 "ext/standard/var_unserializer.c" yy76: yych = *++YYCURSOR; if (yych == 'N') goto yy73; @@ -1125,7 +1128,7 @@ yy79: if (yych <= '9') goto yy79; if (yych != ';') goto yy18; ++YYCURSOR; -#line 532 "ext/standard/var_unserializer.re" +#line 535 "ext/standard/var_unserializer.re" { #if SIZEOF_LONG == 4 int digits = YYCURSOR - start - 3; @@ -1152,7 +1155,7 @@ yy79: ZVAL_LONG(*rval, parse_iv(start + 2)); return 1; } -#line 1156 "ext/standard/var_unserializer.c" +#line 1159 "ext/standard/var_unserializer.c" yy83: yych = *++YYCURSOR; if (yych <= '/') goto yy18; @@ -1160,24 +1163,24 @@ yy83: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; -#line 525 "ext/standard/var_unserializer.re" +#line 528 "ext/standard/var_unserializer.re" { *p = YYCURSOR; INIT_PZVAL(*rval); ZVAL_BOOL(*rval, parse_iv(start + 2)); return 1; } -#line 1171 "ext/standard/var_unserializer.c" +#line 1174 "ext/standard/var_unserializer.c" yy87: ++YYCURSOR; -#line 518 "ext/standard/var_unserializer.re" +#line 521 "ext/standard/var_unserializer.re" { *p = YYCURSOR; INIT_PZVAL(*rval); ZVAL_NULL(*rval); return 1; } -#line 1181 "ext/standard/var_unserializer.c" +#line 1184 "ext/standard/var_unserializer.c" yy89: yych = *++YYCURSOR; if (yych <= ',') { @@ -1200,7 +1203,7 @@ yy91: if (yych <= '9') goto yy91; if (yych != ';') goto yy18; ++YYCURSOR; -#line 495 "ext/standard/var_unserializer.re" +#line 498 "ext/standard/var_unserializer.re" { long id; @@ -1223,7 +1226,7 @@ yy91: return 1; } -#line 1227 "ext/standard/var_unserializer.c" +#line 1230 "ext/standard/var_unserializer.c" yy95: yych = *++YYCURSOR; if (yych <= ',') { @@ -1246,7 +1249,7 @@ yy97: if (yych <= '9') goto yy97; if (yych != ';') goto yy18; ++YYCURSOR; -#line 474 "ext/standard/var_unserializer.re" +#line 477 "ext/standard/var_unserializer.re" { long id; @@ -1267,9 +1270,9 @@ yy97: return 1; } -#line 1271 "ext/standard/var_unserializer.c" +#line 1274 "ext/standard/var_unserializer.c" } -#line 823 "ext/standard/var_unserializer.re" +#line 826 "ext/standard/var_unserializer.re" return 0; diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index 1f71bb759d..b3f5d29ca2 100644 --- a/ext/standard/var_unserializer.re +++ b/ext/standard/var_unserializer.re @@ -400,9 +400,12 @@ static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce) (*p) += 2; - if (ce->unserialize == NULL) { + if (ce->serialize == NULL) { object_init_ex(*rval, ce); - } else if (ce->unserialize(rval, ce, (const unsigned char*)*p, elements, (zend_unserialize_data *)var_hash TSRMLS_CC) != SUCCESS) { + } else { + /* If this class implements Serializable, it should not land here but in object_custom(). The passed string + obviously doesn't descend from the regular serializer. */ + zend_error(E_WARNING, "Erroneous data format for unserializing '%s'", ce->name); return 0; } |