Backported fix for bug #62852
authorAnatol Belski <ab@php.net>
Tue, 19 Mar 2013 20:19:55 +0000 (21:19 +0100)
committerAnatol Belski <ab@php.net>
Tue, 19 Mar 2013 20:19:55 +0000 (21:19 +0100)
NEWS
ext/date/php_date.c
ext/date/tests/bug62852.phpt
ext/date/tests/bug62852_var2.phpt [new file with mode: 0644]
ext/date/tests/bug62852_var3.phpt [new file with mode: 0644]

diff --git a/NEWS b/NEWS
index c8c6f754a0ed70fbe52f3ee67954b84e54b4d90e..facb9ad154947fc095e75569900bc3f0297e5d98 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,9 @@ PHP                                                                        NEWS
   . Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc
     for stmt->param_bind). (Andrey)
 
+- DateTime
+  . Fixed bug #62852 (Unserialize Invalid Date causes crash). (Anatol)
+
 
 14 Mar 2013, PHP 5.3.23
 
index 2e616b17045d4e607b394765352108b93ed0de86..e27be7d81eb9134741fa00e0fdbe95e6d02f6e1e 100644 (file)
@@ -2554,13 +2554,15 @@ static int php_date_initialize_from_hash(zval **return_value, php_date_obj **dat
                                        case TIMELIB_ZONETYPE_OFFSET:
                                        case TIMELIB_ZONETYPE_ABBR: {
                                                char *tmp = emalloc(Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 2);
+                                               int ret;
                                                snprintf(tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 2, "%s %s", Z_STRVAL_PP(z_date), Z_STRVAL_PP(z_timezone));
-                                               php_date_initialize(*dateobj, tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 1, NULL, NULL, 0 TSRMLS_CC);
+                                               ret = php_date_initialize(*dateobj, tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 1, NULL, NULL, 0 TSRMLS_CC);
                                                efree(tmp);
-                                               return 1;
+                                               return 1 == ret;
                                        }
 
-                                       case TIMELIB_ZONETYPE_ID:
+                                       case TIMELIB_ZONETYPE_ID: {
+                                               int ret;
                                                convert_to_string(*z_timezone);
 
                                                tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC);
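Review bot: The new `return 1 == ret;` in the OFFSET/ABBR case treats only an exact 1 from php_date_initialize() as success, yet nothing visible in the hunk states that contract or that php_date_initialize_from_hash() can now return 0 on these paths. Before this change both cases returned 1 unconditionally, so a later reader has no hint that the result has become a validity check on data taken from the serialized hash. A comment next to the call would record it, for example `/* php_date_initialize() yields 1 on success; propagate failure so callers can reject the data */`, assuming that is indeed its return convention. The same pattern is added to the TIMELIB_ZONETYPE_ID case in the next hunk, and the function body starts and ends outside this hunk.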
@@ -2571,9 +2573,10 @@ static int php_date_initialize_from_hash(zval **return_value, php_date_obj **dat
                                                tzobj->tzi.tz = tzi;
                                                tzobj->initialized = 1;
 
-                                               php_date_initialize(*dateobj, Z_STRVAL_PP(z_date), Z_STRLEN_PP(z_date), NULL, tmp_obj, 0 TSRMLS_CC);
+                                               ret = php_date_initialize(*dateobj, Z_STRVAL_PP(z_date), Z_STRLEN_PP(z_date), NULL, tmp_obj, 0 TSRMLS_CC);
                                                zval_ptr_dtor(&tmp_obj);
-                                               return 1;
+                                               return 1 == ret;
+                                       }
                                }
                        }
                }
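Review bot: `tzobj->tzi.tz = tzi;` stores the result of php_date_parse_tzfile() for a timezone name taken from the serialized hash, and no NULL check on `tzi` is visible in this hunk or the previous one. The lines between the lookup and this assignment are outside both hunks, so the case may already be handled. If it is not, and the lookup can return NULL for an unknown identifier, the timezone object is marked `initialized = 1` with a null `tz` before php_date_initialize() runs. A guard directly after the lookup, `if (tzi == NULL) { return 0; }`, would send that case to the same "Invalid serialization data" error this commit introduces.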
@@ -2597,7 +2600,9 @@ PHP_METHOD(DateTime, __set_state)
 
        php_date_instantiate(date_ce_date, return_value TSRMLS_CC);
        dateobj = (php_date_obj *) zend_object_store_get_object(return_value TSRMLS_CC);
-       php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC);
+       if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) {
+               php_error(E_ERROR, "Invalid serialization data for DateTime object");
+       }
 }
 /* }}} */
 
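Review bot: The failure path added to `__set_state` raises `E_ERROR`, which calling code cannot intercept, and nothing here records why a fatal error was chosen over a warning or an exception. The same lines are added to `__wakeup` in the next hunk. By this point `php_date_instantiate` has already created the object, so it presumably stays uninitialised when the hash is rejected, which may be the reason for stopping execution. A one-line comment would make that intent explicit, for example `/* fatal on purpose: the object is left uninitialised and must not be used further */`. Callers that unserialize data from outside the process should also expect the request to end here, since the `try`/`catch` blocks in the updated tests do not catch this error.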
@@ -2613,7 +2618,9 @@ PHP_METHOD(DateTime, __wakeup)
 
        myht = Z_OBJPROP_P(object);
 
-       php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC);
+       if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) {
+               php_error(E_ERROR, "Invalid serialization data for DateTime object");
+       }
 }
 /* }}} */
 
index 26de510215113b087396d6d4cdbccde39c730ee2..7013a3f97c52295fc04c45982be800f45be6351c 100644 (file)
@@ -1,36 +1,14 @@
 --TEST--
-Bug #62852 (Unserialize invalid DateTime causes crash)
+Bug #62852 (Unserialize invalid DateTime causes crash), variation 1
 --INI--
 date.timezone=GMT
---XFAIL--
-bug is not fixed yet
 --FILE--
 <?php
 $s1 = 'O:8:"DateTime":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
-$s2 = 'O:3:"Foo":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
 
-global $foo;
-
-class Foo extends DateTime {
-    function __wakeup() {
-        global $foo;
-        $foo = $this;
-        parent::__wakeup();
-    }
-}
-
-// Old test case
 try {
     unserialize( $s1 );
 } catch ( Exception $e ) {}
 
-// My test case
-try {
-    unserialize( $s2 );
-} catch ( Exception $e ) {}
-var_dump( $foo );
-
-echo "okey";
-?>
 --EXPECTF--
-okey
+Fatal error: Invalid serialization data for DateTime object in %sbug62852.php on line %d
diff --git a/ext/date/tests/bug62852_var2.phpt b/ext/date/tests/bug62852_var2.phpt
new file mode 100644 (file)
index 0000000..f93ba28
--- /dev/null
@@ -0,0 +1,25 @@
+--TEST--
+Bug #62852 (Unserialize invalid DateTime causes crash), variation 2
+--INI--
+date.timezone=GMT
+--FILE--
+<?php
+$s2 = 'O:3:"Foo":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
+
+global $foo;
+
+class Foo extends DateTime {
+    function __wakeup() {
+        global $foo;
+        $foo = $this;
+        parent::__wakeup();
+    }
+}
+
+try {
+    unserialize( $s2 );
+} catch ( Exception $e ) {}
+var_dump( $foo );
+
+--EXPECTF--
+Fatal error: Invalid serialization data for DateTime object in %sbug62852_var2.php on line %d
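Review bot: `var_dump( $foo );` after the `unserialize()` call is never reached, because the expected output is the fatal error raised inside `parent::__wakeup()`, and the surrounding `try`/`catch` cannot catch that error either. `Foo::__wakeup()` has already stored `$this` in `$foo` by then, so the test does not show what state the captured object is left in. If that matters for the regression, dumping `$foo` from a callback registered with `register_shutdown_function()` before the call should cover it. Otherwise, dropping the dead `var_dump` and `try`/`catch` makes the test say only what it checks. bug62852_var3.phpt has the same shape.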
diff --git a/ext/date/tests/bug62852_var3.phpt b/ext/date/tests/bug62852_var3.phpt
new file mode 100644 (file)
index 0000000..5a644b5
--- /dev/null
@@ -0,0 +1,25 @@
+--TEST--
+Bug #62852 (Unserialize invalid DateTime causes crash), variation 3
+--INI--
+date.timezone=GMT
+--FILE--
+<?php
+$s2 = 'O:3:"Foo":3:{s:4:"date";s:19:"0000-00-00 00:00:00";s:13:"timezone_type";i:0;s:8:"timezone";s:3:"UTC";}';
+
+global $foo;
+
+class Foo extends DateTime {
+    function __wakeup() {
+        global $foo;
+        $foo = $this;
+        parent::__wakeup();
+    }
+}
+
+try {
+    unserialize( $s2 );
+} catch ( Exception $e ) {}
+var_dump( $foo );
+
+--EXPECTF--
+Fatal error: Invalid serialization data for DateTime object in %sbug62852_var3.php on line %d