author | Anatol Belski <ab@php.net> | 2013-05-12 21:29:16 +0200 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2013-05-12 21:29:16 +0200 |
commit | e44849b0f466212f8101e165ce56cf73e8a5bc4c (patch) | |
tree | 2fac6cb75990415e6f41911cdc28c82b57d6b765 | |
parent | 3fd39c13f9b3e982ffccf66b40ec1ed05b5146d6 (diff) | |
Fixed bug #64825 Invalid free unserializing DateTimeZone
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | ext/date/php_date.c | 23 |
2 files changed, 17 insertions, 10 deletions
@@ -12,6 +12,10 @@ PHP NEWS
 . Fixed bug #64821 (Custom Exceptions crash when internal properties overridden).
 (Anatol)
+- DateTime
+ . Fixed bug #64825 (Invalid free when unserializing DateTimeZone).
+ (Anatol)
+
 09 May 2013, PHP 5.5.0 Release Candidate 1
 - FPM:
diff --git a/ext/date/php_date.c b/ext/date/php_date.c
index 808dc5a377..d09d254c17 100644
--- a/ext/date/php_date.c
+++ b/ext/date/php_date.c
@@ -3704,27 +3704,30 @@ static int php_date_timezone_initialize_from_hash(zval **return_value, php_timez
 zval **z_timezone = NULL;
 zval **z_timezone_type = NULL;
 timelib_tzinfo *tzi;
- char **offset;
 if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) {
 if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) {
 convert_to_long(*z_timezone_type);
 switch (Z_LVAL_PP(z_timezone_type)) {
- case TIMELIB_ZONETYPE_OFFSET:
- offset = malloc(sizeof(char) * (Z_STRLEN_PP(z_timezone) + 1));
- *offset = (Z_STRVAL_PP(z_timezone));
- if(**offset == '+'){
- ++*offset;
- (*tzobj)->tzi.utc_offset = -1 * timelib_parse_tz_cor((char **)offset);
+ case TIMELIB_ZONETYPE_OFFSET: {
+ char *offset, *offset_start;
+
+ offset = emalloc(sizeof(char) * (Z_STRLEN_PP(z_timezone) + 1));
+ memmove(offset, Z_STRVAL_PP(z_timezone), Z_STRLEN_PP(z_timezone)+1);
+ offset_start = offset;
+
+ ++offset;
+ if(*offset_start == '+'){
+ (*tzobj)->tzi.utc_offset = -1 * timelib_parse_tz_cor(&offset);
 } else {
- ++*offset;
- (*tzobj)->tzi.utc_offset = timelib_parse_tz_cor((char **)offset);
+ (*tzobj)->tzi.utc_offset = timelib_parse_tz_cor(&offset);
 }
- free(offset);
+ efree(offset_start);
 (*tzobj)->type = TIMELIB_ZONETYPE_OFFSET;
 (*tzobj)->initialized = 1;
 return SUCCESS;
 break;
+ }
 case TIMELIB_ZONETYPE_ABBR:
 case TIMELIB_ZONETYPE_ID:
 if (SUCCESS == timezone_initialize(&tzi, Z_STRVAL_PP(z_timezone) TSRMLS_CC)) { |
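Review bot: The new `++offset;` in the `TIMELIB_ZONETYPE_OFFSET` case runs before anything checks that the copied string has a first character, so a serialized `timezone` of length 0 leaves `offset` one byte past the single-byte allocation when `timelib_parse_tz_cor(&offset)` reads from it. The hunk also shows no check that `*z_timezone` is a string before `Z_STRVAL_PP`/`Z_STRLEN_PP` are applied to it; since the value comes from unserialized data, a non-string entry would be read through the wrong union member. After the declarations and before the `emalloc`, I would add `if (Z_TYPE_PP(z_timezone) != IS_STRING || Z_STRLEN_PP(z_timezone) == 0) { return FAILURE; }`, using whatever failure value the rest of the function returns. The function starts and ends outside this hunk, so an earlier type check may exist that is not visible here.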