?? ??? 2005, Version 4.4.2
- Prevent header injection by limiting each header to a single line. (Ilia)
- Fixed possible XSS inside error reporting functionality. (Ilia)
+- Fixed bug #35817 (unpack() does not decode odd number of hexadecimal values).
+ (Ilia)
- Fixed bug #35735 ($EGREP not defined in configure). (Jani)
- Fixed bug #35655 (whitespace following end of heredoc is lost). (Ilia)
- Fixed bug #35646 (%{mod_php_memory_usage}n is not reset after exit).
switch ((int) code) {
case 'h':
case 'H':
- INC_OUTPUTPOS((arg + 1) / 2,1) /* 4 bit per arg */
+ INC_OUTPUTPOS((arg + (arg % 2)) / 2,1) /* 4 bit per arg */
break;
case 'a':
while (formatlen-- > 0) {
char type = *(format++);
char c;
- int arg = 1;
+ int arg = 1, argb;
char *name;
int namelen;
int size=0;
/* Get of new value in array */
name = format;
+ argb = arg;
while (formatlen > 0 && *format != '/') {
formatlen--;
case 'h':
case 'H':
- size = (arg > 0) ? arg / 2 : arg;
+ size = (arg > 0) ? (arg + (arg % 2)) / 2 : arg;
arg = 1;
break;
len = size * 2;
}
+ len -= argb % 2;
+
buf = emalloc(len + 1);
for (ipos = opos = 0; opos < len; opos++) {
--- /dev/null
+--TEST--
+Bug #35817 (unpack() does not decode odd number of hexadecimal values)
+--FILE--
+<?php
+$a = pack("H3","181");
+$b = unpack("H3", $a);
+var_dump($b);
+
+$a = pack("H2","18");
+$b = unpack("H2", $a);
+var_dump($b);
+
+$a = pack("H","1");
+$b = unpack("H", $a);
+var_dump($b);
+?>
+--EXPECT--
+array(1) {
+ [1]=>
+ string(3) "181"
+}
+array(1) {
+ [1]=>
+ string(2) "18"
+}
+array(1) {
+ [1]=>
+ string(1) "1"
+}