-static inline int parse_iv2(const char *p, const char **q)
+static inline int parse_iv2(const unsigned char *p, const unsigned char **q)
{
char cursor;
int result = 0;
}
while (1) {
- cursor = *p;
+ cursor = (char)*p;
if (cursor >= '0' && cursor <= '9') {
result = result * 10 + cursor - '0';
} else {
return result;
}
-static inline int parse_iv(const char *p)
+static inline int parse_iv(const unsigned char *p)
{
return parse_iv2(p, NULL);
}
-#define UNSERIALIZE_PARAMETER zval **rval, const char **p, const char *max, php_unserialize_data_t *var_hash TSRMLS_DC
+/* no need to check for length - re2c already did */
+static inline size_t parse_uiv(const unsigned char *p)
+{
+ unsigned char cursor;
+ size_t result = 0;
+
+ if (*p == '+') {
+ p++;
+ }
+
+ while (1) {
+ cursor = *p;
+ if (cursor >= '0' && cursor <= '9') {
+ result = result * 10 + (size_t)(cursor - (unsigned char)'0');
+ } else {
+ break;
+ }
+ p++;
+ }
+ return result;
+}
+
+#define UNSERIALIZE_PARAMETER zval **rval, const unsigned char **p, const unsigned char *max, php_unserialize_data_t *var_hash TSRMLS_DC
#define UNSERIALIZE_PASSTHRU rval, p, max, var_hash TSRMLS_CC
static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements)
return 0;
}
+ if (Z_TYPE_P(key) != IS_LONG && Z_TYPE_P(key) != IS_STRING) {
+ zval_dtor(key);
+ FREE_ZVAL(key);
+ return 0;
+ }
+
ALLOC_INIT_ZVAL(data);
if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) {
case IS_STRING:
zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL);
break;
-
}
zval_dtor(key);
FREE_ZVAL(key);
+
+ if (elements && *(*p-1) != ';' && *(*p-1) != '}') {
+ (*p)--;
+ return 0;
+ }
}
return 1;
return 1;
}
-"b:" iv ";" {
+"b:" [01] ";" {
*p = YYCURSOR;
INIT_PZVAL(*rval);
ZVAL_BOOL(*rval, parse_iv(start + 2));
}
"s:" uiv ":" ["] {
- int len;
+ size_t len, maxlen;
char *str;
- len = parse_iv(start + 2);
+ len = parse_uiv(start + 2);
+ maxlen = max - YYCURSOR;
+ if (maxlen < len) {
+ *p = start + 2;
+ return 0;
+ }
+
+ str = (char*)YYCURSOR;
+
+ YYCURSOR += len;
- if (len == 0) {
- str = empty_string;
- } else {
- str = estrndup(YYCURSOR, len);
+ if (*(YYCURSOR) != '"') {
+ *p = YYCURSOR;
+ return 0;
}
- YYCURSOR += len + 2;
+ YYCURSOR += 2;
*p = YYCURSOR;
INIT_PZVAL(*rval);
- ZVAL_STRINGL(*rval, str, len, 0);
+ ZVAL_STRINGL(*rval, str, len, 1);
return 1;
}
}
"O:" uiv ":" ["] {
- int len;
+ size_t len, len2, maxlen;
int elements;
- int len2;
char *class_name;
zend_class_entry *ce;
zend_class_entry **pce;
zval *arg_func_name;
INIT_PZVAL(*rval);
- len2 = len = parse_iv(start + 2);
- if (len == 0)
+ len2 = len = parse_uiv(start + 2);
+ maxlen = max - YYCURSOR;
+ if (maxlen < len || len == 0) {
+ *p = start + 2;
return 0;
+ }
+
+ class_name = (char*)YYCURSOR;
- class_name = estrndup(YYCURSOR, len);
YYCURSOR += len;
+ if (*(YYCURSOR) != '"') {
+ *p = YYCURSOR;
+ return 0;
+ }
+ if (*(YYCURSOR+1) != ':') {
+ *p = YYCURSOR+1;
+ return 0;
+ }
+
+ class_name = estrndup(class_name, len);
+
do {
/* Try to find class directly */
if (zend_lookup_class(class_name, len2, &pce TSRMLS_CC) == SUCCESS) {
projects / php / commitdiff