diff options
author | Antony Dovgal <tony2001@php.net> | 2006-05-19 10:37:32 +0000 |
---|---|---|
committer | Antony Dovgal <tony2001@php.net> | 2006-05-19 10:37:32 +0000 |
commit | 7eda78c8ce9b76afbb51264229be1e6097582cac (patch) | |
tree | 815549343ef3dd05fbd6f5e99c0291d26c5c6722 | |
parent | 5795b68a12bb4f6f2150b3e3414a041f8ab73f31 (diff) | |
download | php-git-7eda78c8ce9b76afbb51264229be1e6097582cac.tar.gz |
MFH fix for #34306 (wddx_serialize_value() crashes with long array keys)
-rw-r--r-- | ext/wddx/wddx.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ext/wddx/wddx.c b/ext/wddx/wddx.c index 0b59a0afbf..a375997556 100644 --- a/ext/wddx/wddx.c +++ b/ext/wddx/wddx.c @@ -432,7 +432,7 @@ static void php_wddx_serialize_number(wddx_packet *packet, zval *var) tmp = *var; zval_copy_ctor(&tmp); convert_to_string(&tmp); - sprintf(tmp_buf, WDDX_NUMBER, Z_STRVAL(tmp)); + snprintf(tmp_buf, Z_STRLEN(tmp), WDDX_NUMBER, Z_STRVAL(tmp)); zval_dtor(&tmp); php_wddx_add_chunk(packet, tmp_buf); @@ -624,17 +624,19 @@ static void php_wddx_serialize_array(wddx_packet *packet, zval *arr) */ void php_wddx_serialize_var(wddx_packet *packet, zval *var, char *name, int name_len TSRMLS_DC) { - char tmp_buf[WDDX_BUF_LEN]; + char *tmp_buf; char *name_esc; int name_esc_len; if (name) { name_esc = php_escape_html_entities(name, name_len, &name_esc_len, 0, ENT_QUOTES, NULL TSRMLS_CC); - sprintf(tmp_buf, WDDX_VAR_S, name_esc); + tmp_buf = emalloc(name_esc_len + 1); + snprintf(tmp_buf, name_esc_len, WDDX_VAR_S, name_esc); php_wddx_add_chunk(packet, tmp_buf); + efree(tmp_buf); efree(name_esc); } - + switch(Z_TYPE_P(var)) { case IS_STRING: php_wddx_serialize_string(packet, var); |