MFH:- Fixed bug #34306 (wddx_serialize_value() crashes with long array keys)
authorfoobar <sniper@php.net>
Wed, 31 Aug 2005 14:31:44 +0000 (14:31 +0000)
committerfoobar <sniper@php.net>
Wed, 31 Aug 2005 14:31:44 +0000 (14:31 +0000)
NEWS
ext/wddx/tests/bug34306.phpt [new file with mode: 0755]
ext/wddx/wddx.c

diff --git a/NEWS b/NEWS
index 516654562ddbffa0d7057c8143f8a9973d20568e..9d617e8c86c413552d0f134862230efd0698fabf 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,7 @@ PHP                                                                        NEWS
 - Fixed "make test" to work for phpized extensions. (Hartmut, Jani)
 - Fixed failing queries (FALSE returned) with mysqli_query() on 64 bit systems.
   (Andrey)
+- Fixed bug #34306 (wddx_serialize_value() crashes with long array keys). (Jani)
 - Fixed bug #34302 (date('W') do not return leading zeros for week 1 to 9).
   (Derick)
 - Fixed bug #34299 (ReflectionClass::isInstantiable() returns true for abstract
diff --git a/ext/wddx/tests/bug34306.phpt b/ext/wddx/tests/bug34306.phpt
new file mode 100755 (executable)
index 0000000..2212dad
--- /dev/null
@@ -0,0 +1,12 @@
+--TEST--
+#34306 (wddx_serialize_value() crashes with long array keys)
+--FILE--
+<?php
+
+$var = array('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa12345678901234567890123456789012345678901234567890ba12345678901234567890123456789012345678901234567890ba12345678901234567890123456789012345678901234567890ba12345678901234567890123456789012345678901234567890b12345678901234567891234567890123123121231211111' => 1);
+$buf = wddx_serialize_value($var, 'name');
+echo "OK\n";
+
+?>
+--EXPECT--
+OK
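Review bot: The test only prints OK and never inspects `$buf`, so it passes whenever the call does not crash and would not notice a truncated or malformed packet. Check the result as well, for example `var_dump(wddx_deserialize($buf) === $var);` with `bool(true)` added under `--EXPECT--`, so the long key is proven to survive serialization intact.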
index d6084475f948a9fb0fca74b580e09472ab55f953..df516d771ef10434065fe980e19ec3d29643db24 100644 (file)
@@ -422,7 +422,7 @@ static void php_wddx_serialize_number(wddx_packet *packet, zval *var)
        tmp = *var;
        zval_copy_ctor(&tmp);
        convert_to_string(&tmp);
-       sprintf(tmp_buf, WDDX_NUMBER, Z_STRVAL(tmp));
+       snprintf(tmp_buf, Z_STRLEN(tmp), WDDX_NUMBER, Z_STRVAL(tmp));
        zval_dtor(&tmp);
 
        php_wddx_add_chunk(packet, tmp_buf);    
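Review bot: The bound passed to `snprintf` in php_wddx_serialize_number is `Z_STRLEN(tmp)`, the length of the source string rather than the capacity of `tmp_buf`. A value longer than the buffer can therefore still overrun it, and because `snprintf` writes at most size-1 characters, every ordinary value is truncated before any text WDDX_NUMBER adds around `%s`. Assuming `tmp_buf` is still a fixed array declared outside this hunk, the call should be `snprintf(tmp_buf, sizeof(tmp_buf), WDDX_NUMBER, Z_STRVAL(tmp));`. The php_wddx_serialize_var hunk has the same problem: it allocates `name_esc_len + 1` bytes and limits the write to `name_esc_len`, which leaves no room for the rest of WDDX_VAR_S and truncates the emitted chunk. Size both from the format instead, e.g. `tmp_buf = emalloc(name_esc_len + sizeof(WDDX_VAR_S));` and `snprintf(tmp_buf, name_esc_len + sizeof(WDDX_VAR_S), WDDX_VAR_S, name_esc);`; both function bodies continue outside the lines shown.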
@@ -617,15 +617,17 @@ static void php_wddx_serialize_array(wddx_packet *packet, zval *arr)
  */
 void php_wddx_serialize_var(wddx_packet *packet, zval *var, char *name, int name_len TSRMLS_DC)
 {
-       char tmp_buf[WDDX_BUF_LEN];
+       char *tmp_buf;
        char *name_esc;
        int name_esc_len;
        HashTable *ht;
 
        if (name) {
                name_esc = php_escape_html_entities(name, name_len, &name_esc_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
-               sprintf(tmp_buf, WDDX_VAR_S, name_esc);
+               tmp_buf = emalloc(name_esc_len + 1);
+               snprintf(tmp_buf, name_esc_len, WDDX_VAR_S, name_esc);
                php_wddx_add_chunk(packet, tmp_buf);
+               efree(tmp_buf);
                efree(name_esc);
        }