if (nlen)
*nlen = Z_STRLEN_PP(val);
-
- if (del)
- zend_hash_del(object_properties, MAGIC_MEMBER, sizeof(MAGIC_MEMBER));
}
return (retval);
if (Z_OBJCE_P(struc) == BG(incomplete_class)) { \
class_name = php_lookup_class_name(struc, &name_len, 1 TSRMLS_CC); \
free_class_name = 1; \
+ incomplete_class = 1; \
} else { \
class_name = Z_OBJCE_P(struc)->name; \
name_len = Z_OBJCE_P(struc)->name_length; \
#define PHP_CLASS_ATTRIBUTES \
char *class_name; \
size_t name_len; \
- zend_bool free_class_name = 0 \
+ zend_bool free_class_name = 0; \
+ zend_bool incomplete_class = 0
#define INCOMPLETE_CLASS "__PHP_Incomplete_Class"
#define MAGIC_MEMBER "__PHP_Incomplete_Class_Name"
typedef struct php_unserialize_data php_unserialize_data_t;
PHPAPI void php_var_serialize(smart_str *buf, zval **struc, php_serialize_data_t *var_hash TSRMLS_DC);
-PHPAPI int php_var_unserialize(zval **rval, const char **p, const char *max, php_unserialize_data_t *var_hash TSRMLS_DC);
+PHPAPI int php_var_unserialize(zval **rval, const unsigned char **p, const unsigned char *max, php_unserialize_data_t *var_hash TSRMLS_DC);
#define PHP_VAR_SERIALIZE_INIT(var_hash) \
zend_hash_init(&(var_hash), 10, NULL, NULL, 0)
--TEST--
Bug #22414: passthru() does not read data correctly
+--SKIPIF--
+<?php if (strtolower(@getenv('TEST_PHP_EXECUTABLE'))=='auto') die('skip: TEST_PHP_EXECUTABLE = auto'); ?>
--INI--
safe_mode=
output_handler=
--TEST--
serialize()/unserialize()/var_dump()
---POST--
---GET--
--FILE--
<?php
class t
class s
{
+ var $a;
+ var $b;
+ var $c;
+
function s()
{
$this->a = "hallo";
$this->b = "php";
$this->c = "world";
+ $this->d = "!";
}
function __sleep()
__sleep called
O:1:"s":2:{s:1:"a";s:5:"hallo";s:1:"c";s:5:"world";}
__wakeup called
-object(s)(2) {
+object(s)(3) {
["a"]=>
string(5) "hallo"
+ ["b"]=>
+ NULL
["c"]=>
string(5) "world"
}
--TEST--
-serialize() (Bug #14293)
---POST--
---GET--
+Bug #25378 (unserialize() crashes with invalid data)
--FILE--
<?php
-class t
-{
- function t()
- {
- $this->a = 'hello';
- }
-
- function __sleep()
- {
- echo "__sleep called\n";
- return array('a','b');
- }
-}
-
-$t = new t();
-$data = serialize($t);
-echo "$data\n";
-$t = unserialize($data);
-var_dump($t);
-
+var_dump(unserialize('b:0;'));
+var_dump(unserialize('b:1;'));
+var_dump(unserialize('i:823;'));
+var_dump(unserialize('s:0:"";'));
+var_dump(unserialize('s:3:"foo";'));
+var_dump(unserialize('a:1:{i:0;s:2:"12";}'));
+var_dump(unserialize('a:2:{i:0;a:0:{}i:1;a:0:{}}'));
+var_dump(unserialize('a:3:{i:0;s:3:"foo";i:1;s:3:"bar";i:2;s:3:"baz";}'));
+var_dump(unserialize('O:8:"stdClass":0:{}'));
?>
+===DONE===
--EXPECT--
-__sleep called
-O:1:"t":2:{s:1:"a";s:5:"hello";s:1:"b";N;}
-object(t)(2) {
- ["a"]=>
- string(5) "hello"
- ["b"]=>
- NULL
+bool(false)
+bool(true)
+int(823)
+string(0) ""
+string(3) "foo"
+array(1) {
+ [0]=>
+ string(2) "12"
+}
+array(2) {
+ [0]=>
+ array(0) {
+ }
+ [1]=>
+ array(0) {
+ }
+}
+array(3) {
+ [0]=>
+ string(3) "foo"
+ [1]=>
+ string(3) "bar"
+ [2]=>
+ string(3) "baz"
+}
+object(stdClass)(0) {
}
+===DONE===
?>
--EXPECTF--
__sleep called
-
-Notice: serialize(): "b" returned as member variable from __sleep() but does not exist in %sbug14293.php on line %d
O:1:"t":2:{s:1:"a";s:5:"hello";s:1:"b";N;}
-object(t)#%d (2) {
+object(t)(2) {
["a"]=>
string(5) "hello"
["b"]=>
--FILE--
<?php
var_dump(unserialize("s:-1:\"\";"));
+var_dump(unserialize("i:823"));
+var_dump(unserialize("O:8:\"stdClass :0:{}"));
+var_dump(unserialize("O:8:\"stdClass\"+0:{}"));
+var_dump(unserialize("O:1000:\"stdClass\":0:{}"));
+var_dump(unserialize("a:2:{i:0;s:2:\"12\":"));
+var_dump(unserialize("a:2:{i:0;s:2:\"12\";i:1;s:3000:\"123"));
+var_dump(unserialize("a:2:{i:0;s:2:\"12\"+i:1;s:3:\"123\";}"));
+var_dump(unserialize("a:2:{i:0;s:2:\"12\";i:1;s:3:\"123\";"));
+var_dump(unserialize("s:3000:\"123\";"));
+var_dump(unserialize("s:3000:\"123"));
+var_dump(unserialize("s:3:\"123;"));
+var_dump(unserialize("s:0:\"123\";"));
?>
+===DONE===
--EXPECTF--
-Notice: unserialize(): Error at offset 0 of 8 bytes in %s on line %d
+Notice: unserialize(): Error at offset 0 of 8 bytes in %sbug25378.php on line %d
bool(false)
+
+Notice: unserialize(): Error at offset 0 of 5 bytes in %sbug25378.php on line %d
+bool(false)
+
+Notice: unserialize(): Error at offset 13 of 19 bytes in %sbug25378.php on line %d
+bool(false)
+
+Notice: unserialize(): Error at offset 14 of 19 bytes in %sbug25378.php on line %d
+bool(false)
+
+Notice: unserialize(): Error at offset 2 of 22 bytes in %sbug25378.php on line %d
+bool(false)
+
+Notice: unserialize(): Error at offset 17 of 18 bytes in %sbug25378.php on line %d
+bool(false)
+
+Notice: unserialize(): Error at offset 24 of 33 bytes in %sbug25378.php on line %d
+bool(false)
+
+Notice: unserialize(): Error at offset 17 of 33 bytes in %sbug25378.php on line %d
+bool(false)
+
+Notice: unserialize(): Error at offset 33 of 32 bytes in %sbug25378.php on line %d
+bool(false)
+
+Notice: unserialize(): Error at offset 2 of 13 bytes in %sbug25378.php on line %d
+bool(false)
+
+Notice: unserialize(): Error at offset 2 of 11 bytes in %sbug25378.php on line %d
+bool(false)
+
+Notice: unserialize(): Error at offset 8 of 9 bytes in %sbug25378.php on line %d
+bool(false)
+
+Notice: unserialize(): Error at offset 5 of 10 bytes in %sbug25378.php on line %d
+bool(false)
+===DONE===
var_dump($obj);
?>
--EXPECT--
-object(__PHP_Incomplete_Class)#1 (1) {
+object(__PHP_Incomplete_Class)(1) {
["__PHP_Incomplete_Class_Name"]=>
- string(9) "TestClass"
+ string(9) "testclass"
}
-O:9:"TestClass":0:{}
-object(__PHP_Incomplete_Class)#1 (1) {
+O:9:"testclass":0:{}
+object(__PHP_Incomplete_Class)(1) {
["__PHP_Incomplete_Class_Name"]=>
- string(9) "TestClass"
+ string(9) "testclass"
}
-O:9:"TestClass":0:{}
-object(__PHP_Incomplete_Class)#1 (1) {
+O:9:"testclass":0:{}
+object(__PHP_Incomplete_Class)(1) {
["__PHP_Incomplete_Class_Name"]=>
- string(9) "TestClass"
+ string(9) "testclass"
}
--FILE--
<?php
class a {
- public $b;
+ var $b;
}
class b {
- public $c;
+ var $c;
}
class c {
- public $d;
+ var $d;
}
$a = new a();
$a->b = new b();
$a->b->c->d = $a;
var_dump(unserialize(serialize($a)));
?>
---EXPECTF--
-object(a)#%d (1) {
+--EXPECT--
+object(a)(1) {
["b"]=>
- object(b)#%d (1) {
+ object(b)(1) {
["c"]=>
- object(c)#%d (1) {
+ object(c)(1) {
["d"]=>
- object(a)#%d (1) {
+ object(a)(1) {
["b"]=>
- object(b)#%d (1) {
+ object(b)(1) {
["c"]=>
- object(c)#%d (1) {
+ object(c)(1) {
["d"]=>
- *RECURSION*
+ NULL
}
}
}
+----------------------------------------------------------------------+
*/
-/* $Id: var.c
- 1.111 2001/08/06 13:36:08 thies Exp $ */
+/* $Id$ */
/* {{{ includes
{
HashTable *myht = NULL;
zend_object *object = NULL;
+ int (*php_element_dump_func)(zval**, int, va_list, zend_hash_key*);
+
+ php_element_dump_func = php_array_element_dump;
if (level > 1) {
php_printf("%*c", level - 1, ' ');
return;
}
php_printf("%sarray(%d) {\n", COMMON, zend_hash_num_elements(myht));
+ php_element_dump_func = php_array_element_dump;
goto head_done;
case IS_OBJECT:
object = Z_OBJ_PP(struc);
myht = Z_OBJPROP_PP(struc);
- if (myht->nApplyCount > 1) {
+ if (myht && myht->nApplyCount > 1) {
PUTS("*RECURSION*\n");
return;
}
php_printf("%sobject(%s)(%d) {\n", COMMON, Z_OBJCE_PP(struc)->name, zend_hash_num_elements(myht));
head_done:
- zend_hash_apply_with_arguments(myht, (apply_func_args_t) php_array_element_dump, 1, level);
+ if (myht) {
+ zend_hash_apply_with_arguments(myht, (apply_func_args_t) php_element_dump_func, 1, level);
+ }
if (level > 1) {
php_printf("%*c", level-1, ' ');
}
myht = Z_OBJPROP_PP(struc);
php_printf("%sobject(%s)(%d) refcount(%u){\n", COMMON, Z_OBJCE_PP(struc)->name, zend_hash_num_elements(myht), Z_REFCOUNT_PP(struc));
head_done:
- zend_hash_apply_with_arguments(myht, (apply_func_args_t) zval_array_element_dump, 1, level);
+ if (myht) {
+ zend_hash_apply_with_arguments(myht, (apply_func_args_t) zval_array_element_dump, 1, level);
+ }
if (level > 1) {
php_printf("%*c", level-1, ' ');
}
if (hash_key->nKeyLength==0) { /* numeric key */
php_printf("%*c%ld => ", level + 1, ' ', hash_key->h);
} else { /* string key */
- char *key;
- int key_len;
- key = php_addcslashes(hash_key->arKey, hash_key->nKeyLength - 1, &key_len, 0, "'\\", 2 TSRMLS_CC);
- php_printf("%*c'", level + 1, ' ');
- PHPWRITE(key, key_len);
- php_printf("' => ");
- efree(key);
+ if (va_arg(args, int) && hash_key->arKey[0] == '\0') {
+ return 0;
+ } else {
+ char *key;
+ int key_len;
+ key = php_addcslashes(hash_key->arKey, hash_key->nKeyLength - 1, &key_len, 0, "'\\", 2 TSRMLS_CC);
+ php_printf("%*c'", level + 1, ' ');
+ PHPWRITE(key, key_len);
+ php_printf("' => ");
+ efree(key);
+ }
}
php_var_export(zv, level + 2 TSRMLS_CC);
PUTS (",\n");
php_printf("\n%*c", level - 1, ' ');
}
php_printf ("class %s {\n", Z_OBJCE_PP(struc)->name);
- zend_hash_apply_with_arguments(myht, (apply_func_args_t) php_object_element_export, 1, level);
+ if (myht) {
+ zend_hash_apply_with_arguments(myht, (apply_func_args_t) php_object_element_export, 1, level);
+ }
if (level > 1) {
php_printf("%*c", level - 1, ' ');
}
smart_str_appendl(buf, "\";", 2);
}
-static inline void php_var_serialize_class_name(smart_str *buf, zval **struc TSRMLS_DC)
+static inline zend_bool php_var_serialize_class_name(smart_str *buf, zval **struc TSRMLS_DC)
{
PHP_CLASS_ATTRIBUTES;
smart_str_appendl(buf, class_name, name_len);
smart_str_appendl(buf, "\":", 2);
PHP_CLEANUP_CLASS_ATTRIBUTES();
+ return incomplete_class;
}
static void php_var_serialize_class(smart_str *buf, zval **struc, zval *retval_ptr, HashTable *var_hash TSRMLS_DC)
{
int count;
+ zend_bool incomplete_class;
- php_var_serialize_class_name(buf, struc TSRMLS_CC);
+ incomplete_class = php_var_serialize_class_name(buf, struc TSRMLS_CC);
/* count after serializing name, since php_var_serialize_class_name
changes the count if the variable is incomplete class */
count = zend_hash_num_elements(HASH_OF(retval_ptr));
+ if (incomplete_class) {
+ --count;
+ }
smart_str_append_long(buf, count);
smart_str_appendl(buf, ":{", 2);
if (i == HASH_KEY_NON_EXISTANT)
break;
+ if (incomplete_class && strcmp(key, MAGIC_MEMBER) == 0) {
+ continue;
+ }
zend_hash_get_current_data_ex(HASH_OF(retval_ptr),
(void **) &name, &pos);
smart_str_appendl(buf,"N;", 2);
continue;
}
-
- php_var_serialize_string(buf, Z_STRVAL_PP(name), Z_STRLEN_PP(name));
-
if (zend_hash_find(Z_OBJPROP_PP(struc), Z_STRVAL_PP(name),
Z_STRLEN_PP(name) + 1, (void *) &d) == SUCCESS) {
+ php_var_serialize_string(buf, Z_STRVAL_PP(name), Z_STRLEN_PP(name));
php_var_serialize_intern(buf, d, var_hash TSRMLS_CC);
} else {
+ php_var_serialize_string(buf, Z_STRVAL_PP(name), Z_STRLEN_PP(name));
php_var_serialize_intern(buf, &nvalp, var_hash TSRMLS_CC);
}
}
ulong *var_already;
HashTable *myht;
- if(var_hash
- && php_add_var_hash(var_hash, *struc, (void *) &var_already) == FAILURE
- && (*struc)->is_ref) {
+ if (var_hash
+ && php_add_var_hash(var_hash, *struc, (void *) &var_already) == FAILURE) {
+ if((*struc)->is_ref) {
smart_str_appendl(buf, "R:", 2);
smart_str_append_long(buf, *var_already);
smart_str_appendc(buf, ';');
return;
+ } else if(Z_TYPE_PP(struc) == IS_OBJECT) {
+ smart_str_appendl(buf, "r:", 2);
+ smart_str_append_long(buf, *var_already);
+ smart_str_appendc(buf, ';');
+ return;
+ }
}
switch (Z_TYPE_PP(struc)) {
zval fname;
int res;
+ if(Z_OBJCE_PP(struc) != PHP_IC_ENTRY) {
INIT_PZVAL(&fname);
ZVAL_STRINGL(&fname, "__sleep", sizeof("__sleep") - 1, 0);
res = call_user_function_ex(CG(function_table), struc, &fname,
}
return;
}
+ }
+
if (retval_ptr)
zval_ptr_dtor(&retval_ptr);
/* fall-through */
}
- case IS_ARRAY:
- myht = HASH_OF(*struc);
+ case IS_ARRAY: {
+ zend_bool incomplete_class = 0;
if (Z_TYPE_PP(struc) == IS_ARRAY) {
smart_str_appendl(buf, "a:", 2);
+ myht = HASH_OF(*struc);
} else {
- php_var_serialize_class_name(buf, struc TSRMLS_CC);
+ incomplete_class = php_var_serialize_class_name(buf, struc TSRMLS_CC);
+ myht = Z_OBJPROP_PP(struc);
}
/* count after serializing name, since php_var_serialize_class_name
changes the count if the variable is incomplete class */
- i = zend_hash_num_elements(myht);
+ i = myht ? zend_hash_num_elements(myht) : 0;
+ if (i > 0 && incomplete_class) {
+ --i;
+ }
smart_str_append_long(buf, i);
smart_str_appendl(buf, ":{", 2);
if (i > 0) {
if (i == HASH_KEY_NON_EXISTANT)
break;
+ if (incomplete_class && strcmp(key, MAGIC_MEMBER) == 0) {
+ continue;
+ }
+
switch (i) {
case HASH_KEY_IS_LONG:
php_var_serialize_long(buf, index);
}
smart_str_appendc(buf, '}');
return;
+ }
default:
smart_str_appendl(buf, "i:0;", 4);
return;
}
if (Z_TYPE_PP(buf) == IS_STRING) {
- const char *p = Z_STRVAL_PP(buf);
+ const unsigned char *p = (unsigned char*)Z_STRVAL_PP(buf);
if (Z_STRLEN_PP(buf) == 0) {
RETURN_FALSE;
if (!php_var_unserialize(&return_value, &p, p + Z_STRLEN_PP(buf), &var_hash TSRMLS_CC)) {
PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
zval_dtor(return_value);
- php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Error at offset %d of %d bytes", p - Z_STRVAL_PP(buf), Z_STRLEN_PP(buf));
+ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Error at offset %ld of %d bytes", (long)((char*)p - Z_STRVAL_PP(buf)), Z_STRLEN_PP(buf));
RETURN_FALSE;
}
PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
-/* Generated by re2c 0.9.2 on Sat Mar 27 01:58:46 2004 */
+/* Generated by re2c 0.9.4 on Fri Sep 24 23:45:23 2004 */
#line 1 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+/*
+ +----------------------------------------------------------------------+
+ | PHP Version 4 |
+ +----------------------------------------------------------------------+
+ | Copyright (c) 1997-2003 The PHP Group |
+ +----------------------------------------------------------------------+
+ | This source file is subject to version 2.02 of the PHP license, |
+ | that is bundled with this package in the file LICENSE, and is |
+ | available at through the world-wide-web at |
+ | http://www.php.net/license/2_02.txt. |
+ | If you did not receive a copy of the PHP license and are unable to |
+ | obtain it through the world-wide-web, please send a note to |
+ | license@php.net so we can mail you a copy immediately. |
+ +----------------------------------------------------------------------+
+ | Authors: Sascha Schumann <sascha@schumann.cx> |
+ +----------------------------------------------------------------------+
+*/
+
+/* $Id$ */
#include "php.h"
#include "ext/standard/php_var.h"
#define YYMARKER marker
-#line 99 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+#line 118 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
-static inline int parse_iv2(const char *p, const char **q)
+static inline int parse_iv2(const unsigned char *p, const unsigned char **q)
{
char cursor;
int result = 0;
}
while (1) {
- cursor = *p;
+ cursor = (char)*p;
if (cursor >= '0' && cursor <= '9') {
result = result * 10 + cursor - '0';
} else {
return result;
}
-static inline int parse_iv(const char *p)
+static inline int parse_iv(const unsigned char *p)
{
return parse_iv2(p, NULL);
}
-#define UNSERIALIZE_PARAMETER zval **rval, const char **p, const char *max, php_unserialize_data_t *var_hash TSRMLS_DC
+/* no need to check for length - re2c already did */
+static inline size_t parse_uiv(const unsigned char *p)
+{
+ unsigned char cursor;
+ size_t result = 0;
+
+ if (*p == '+') {
+ p++;
+ }
+
+ while (1) {
+ cursor = *p;
+ if (cursor >= '0' && cursor <= '9') {
+ result = result * 10 + (size_t)(cursor - (unsigned char)'0');
+ } else {
+ break;
+ }
+ p++;
+ }
+ return result;
+}
+
+#define UNSERIALIZE_PARAMETER zval **rval, const unsigned char **p, const unsigned char *max, php_unserialize_data_t *var_hash TSRMLS_DC
#define UNSERIALIZE_PASSTHRU rval, p, max, var_hash TSRMLS_CC
static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, int elements)
return 0;
}
+ if (Z_TYPE_P(key) != IS_LONG && Z_TYPE_P(key) != IS_STRING) {
+ zval_dtor(key);
+ FREE_ZVAL(key);
+ return 0;
+ }
+
ALLOC_INIT_ZVAL(data);
if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) {
case IS_STRING:
zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL);
break;
-
}
zval_dtor(key);
FREE_ZVAL(key);
+
+ if (elements && *(*p-1) != ';' && *(*p-1) != '}') {
+ (*p)--;
+ return 0;
+ }
}
return 1;
}
+static char *str_tolower_copy(char *dest, const char *source, unsigned int length)
+{
+ register unsigned char *str = (unsigned char*)source;
+ register unsigned char *result = (unsigned char*)dest;
+ register unsigned char *end = str + length;
+
+ while (str < end) {
+ *result++ = tolower((int)*str++);
+ }
+ *result = *end;
+
+ return dest;
+}
+
PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
{
const unsigned char *cursor, *limit, *marker, *start;
-#line 7 "re2c-output.c"
+#line 7 "<stdout>"
{
YYCTYPE yych;
unsigned int yyaccept;
goto yy15;
} else {
if(yych <= '}') goto yy13;
- if(yych <= '\277') goto yy15;
+ if(yych <= 0xBF) goto yy15;
goto yy2;
}
}
}
yy3: yyaccept = 0;
yych = *(YYMARKER = ++YYCURSOR);
- if(yych == ':') goto yy82;
+ if(yych == ':') goto yy80;
goto yy4;
yy4:
-#line 429 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+#line 511 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
{ return 0; }
-#line 101 "re2c-output.c"
+#line 101 "<stdout>"
yy5: yych = *++YYCURSOR;
- if(yych == ';') goto yy80;
+ if(yych == ';') goto yy78;
goto yy4;
yy6: yyaccept = 0;
yych = *(YYMARKER = ++YYCURSOR);
yych = *(YYMARKER = ++YYCURSOR);
if(yych == ':') goto yy16;
goto yy4;
-yy13: yych = *++YYCURSOR;
+yy13: ++YYCURSOR;
goto yy14;
yy14:
-#line 423 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+#line 505 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
{
/* this is the case where we have less data than planned */
- zend_error(E_NOTICE, "Unexpected end of serialized data");
+ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data");
return 0; /* not sure if it should be 0 or 1 here? */
}
-#line 142 "re2c-output.c"
+#line 142 "<stdout>"
yy15: yych = *++YYCURSOR;
goto yy4;
yy16: yych = *++YYCURSOR;
yy20: yych = *++YYCURSOR;
if(yych != '"') goto yy2;
goto yy21;
-yy21: yych = *++YYCURSOR;
+yy21: ++YYCURSOR;
goto yy22;
yy22:
-#line 349 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+#line 424 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
{
- int len;
+ size_t len, len2, maxlen;
int elements;
- int len2;
char *class_name;
zend_class_entry *ce;
int incomplete_class = 0;
zval *arg_func_name;
INIT_PZVAL(*rval);
- len2 = len = parse_iv(start + 2);
- if (len == 0)
+ len2 = len = parse_uiv(start + 2);
+ maxlen = max - YYCURSOR;
+ if (maxlen < len || len == 0) {
+ *p = start + 2;
return 0;
+ }
+
+ class_name = (char*)YYCURSOR;
- class_name = estrndup(YYCURSOR, len);
YYCURSOR += len;
- while (len-- > 0) {
- if (class_name[len] >= 'A' && class_name[len] <= 'Z') {
- class_name[len] = class_name[len] - 'A' + 'a';
- }
+ if (*(YYCURSOR) != '"') {
+ *p = YYCURSOR;
+ return 0;
}
-
- if (zend_hash_find(CG(class_table), class_name, len2 + 1, (void **) &ce) != SUCCESS) {
+ if (*(YYCURSOR+1) != ':') {
+ *p = YYCURSOR+1;
+ return 0;
+ }
+
+ class_name = str_tolower_copy((char *)emalloc(len+1), class_name, len);
+ class_name[len] = '\0';
+
+ if (zend_hash_find(CG(class_table), class_name, len + 1, (void **) &ce) != SUCCESS) {
if ((PG(unserialize_callback_func) == NULL) || (PG(unserialize_callback_func)[0] == '\0')) {
incomplete_class = 1;
ce = PHP_IC_ENTRY;
incomplete_class = 1;
ce = PHP_IC_ENTRY;
} else {
- if (zend_hash_find(CG(class_table), class_name, len2 + 1, (void **) &ce) != SUCCESS) {
+ if (zend_hash_find(CG(class_table), class_name, len + 1, (void **) &ce) != SUCCESS) {
zend_error(E_WARNING, "'unserialize_callback_func' (%s) hasn't defined the class it was called for", user_func->value.str.val);
incomplete_class = 1;
ce = PHP_IC_ENTRY;
#ifdef ZEND_ENGINE_2
ce = *(zend_class_entry **)ce; /* Bad hack, TBF! */
#endif
- efree(class_name);
}
}
}
#ifdef ZEND_ENGINE_2
ce = *(zend_class_entry **)ce; /* Bad hack, TBF! */
#endif
- efree(class_name);
}
*p = YYCURSOR;
if (incomplete_class) {
php_store_class_name(*rval, class_name, len2 TSRMLS_CC);
- efree(class_name);
}
+ efree(class_name);
return object_common2(UNSERIALIZE_PASSTHRU, elements);
}
-#line 239 "re2c-output.c"
+#line 247 "<stdout>"
yy23: yych = *++YYCURSOR;
if(yych <= ','){
if(yych != '+') goto yy2;
yy27: yych = *++YYCURSOR;
if(yych != '"') goto yy2;
goto yy28;
-yy28: yych = *++YYCURSOR;
+yy28: ++YYCURSOR;
goto yy29;
yy29:
-#line 341 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+#line 416 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
{
INIT_PZVAL(*rval);
return object_common2(UNSERIALIZE_PASSTHRU,
object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR));
}
-#line 276 "re2c-output.c"
+#line 285 "<stdout>"
yy30: yych = *++YYCURSOR;
if(yych == '+') goto yy31;
if(yych <= '/') goto yy2;
yy34: yych = *++YYCURSOR;
if(yych != '{') goto yy2;
goto yy35;
-yy35: yych = *++YYCURSOR;
+yy35: ++YYCURSOR;
goto yy36;
yy36:
-#line 323 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+#line 398 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
{
int elements = parse_iv(start + 2);
return finish_nested_data(UNSERIALIZE_PASSTHRU);
}
-#line 318 "re2c-output.c"
+#line 328 "<stdout>"
yy37: yych = *++YYCURSOR;
if(yych == '+') goto yy38;
if(yych <= '/') goto yy2;
yy41: yych = *++YYCURSOR;
if(yych != '"') goto yy2;
goto yy42;
-yy42: yych = *++YYCURSOR;
+yy42: ++YYCURSOR;
goto yy43;
yy43:
-#line 303 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+#line 370 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
{
- int len;
+ size_t len, maxlen;
char *str;
- len = parse_iv(start + 2);
+ len = parse_uiv(start + 2);
+ maxlen = max - YYCURSOR;
+ if (maxlen < len) {
+ *p = start + 2;
+ return 0;
+ }
+
+ str = (char*)YYCURSOR;
- if (len == 0) {
- str = empty_string;
- } else {
- str = estrndup(YYCURSOR, len);
+ YYCURSOR += len;
+
+ if (*(YYCURSOR) != '"') {
+ *p = YYCURSOR;
+ return 0;
}
- YYCURSOR += len + 2;
+ YYCURSOR += 2;
*p = YYCURSOR;
INIT_PZVAL(*rval);
- ZVAL_STRINGL(*rval, str, len, 0);
+ ZVAL_STRINGL(*rval, str, len, 1);
return 1;
}
-#line 362 "re2c-output.c"
+#line 381 "<stdout>"
yy44: yych = *++YYCURSOR;
if(yych <= '/'){
if(yych <= ','){
goto yy2;
}
}
-yy54: yych = *++YYCURSOR;
+yy54: ++YYCURSOR;
goto yy55;
yy55:
-#line 296 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+#line 363 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
{
*p = YYCURSOR;
INIT_PZVAL(*rval);
ZVAL_DOUBLE(*rval, atof(start + 2));
return 1;
}
-#line 458 "re2c-output.c"
+#line 479 "<stdout>"
yy56: yych = *++YYCURSOR;
if(yych <= ','){
if(yych != '+') goto yy2;
yy64: yych = *++YYCURSOR;
if(yych != ';') goto yy2;
goto yy65;
-yy65: yych = *++YYCURSOR;
+yy65: ++YYCURSOR;
goto yy66;
yy66:
-#line 279 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+#line 346 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
{
*p = YYCURSOR;
INIT_PZVAL(*rval);
#endif
return 1;
}
-#line 535 "re2c-output.c"
+#line 558 "<stdout>"
yy67: yych = *++YYCURSOR;
if(yych == 'N') goto yy64;
goto yy2;
if(yych <= '9') goto yy70;
if(yych != ';') goto yy2;
goto yy72;
-yy72: yych = *++YYCURSOR;
+yy72: ++YYCURSOR;
goto yy73;
yy73:
-#line 272 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+#line 339 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
{
*p = YYCURSOR;
INIT_PZVAL(*rval);
ZVAL_LONG(*rval, parse_iv(start + 2));
return 1;
}
-#line 571 "re2c-output.c"
+#line 595 "<stdout>"
yy74: yych = *++YYCURSOR;
- if(yych <= ','){
- if(yych != '+') goto yy2;
- goto yy75;
- } else {
- if(yych <= '-') goto yy75;
- if(yych <= '/') goto yy2;
- if(yych <= '9') goto yy76;
- goto yy2;
- }
-yy75: yych = *++YYCURSOR;
if(yych <= '/') goto yy2;
- if(yych >= ':') goto yy2;
+ if(yych >= '2') goto yy2;
+ goto yy75;
+yy75: yych = *++YYCURSOR;
+ if(yych != ';') goto yy2;
goto yy76;
yy76: ++YYCURSOR;
- if(YYLIMIT == YYCURSOR) YYFILL(1);
- yych = *YYCURSOR;
goto yy77;
-yy77: if(yych <= '/') goto yy2;
- if(yych <= '9') goto yy76;
- if(yych != ';') goto yy2;
- goto yy78;
-yy78: yych = *++YYCURSOR;
- goto yy79;
-yy79:
-#line 265 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+yy77:
+#line 332 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
{
*p = YYCURSOR;
INIT_PZVAL(*rval);
ZVAL_BOOL(*rval, parse_iv(start + 2));
return 1;
}
-#line 604 "re2c-output.c"
-yy80: yych = *++YYCURSOR;
- goto yy81;
-yy81:
-#line 258 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+#line 613 "<stdout>"
+yy78: ++YYCURSOR;
+ goto yy79;
+yy79:
+#line 325 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
{
*p = YYCURSOR;
INIT_PZVAL(*rval);
ZVAL_NULL(*rval);
return 1;
}
-#line 615 "re2c-output.c"
-yy82: yych = *++YYCURSOR;
+#line 624 "<stdout>"
+yy80: yych = *++YYCURSOR;
if(yych <= ','){
if(yych != '+') goto yy2;
- goto yy83;
+ goto yy81;
} else {
- if(yych <= '-') goto yy83;
+ if(yych <= '-') goto yy81;
if(yych <= '/') goto yy2;
- if(yych <= '9') goto yy84;
+ if(yych <= '9') goto yy82;
goto yy2;
}
-yy83: yych = *++YYCURSOR;
+yy81: yych = *++YYCURSOR;
if(yych <= '/') goto yy2;
if(yych >= ':') goto yy2;
- goto yy84;
-yy84: ++YYCURSOR;
+ goto yy82;
+yy82: ++YYCURSOR;
if(YYLIMIT == YYCURSOR) YYFILL(1);
yych = *YYCURSOR;
- goto yy85;
-yy85: if(yych <= '/') goto yy2;
- if(yych <= '9') goto yy84;
+ goto yy83;
+yy83: if(yych <= '/') goto yy2;
+ if(yych <= '9') goto yy82;
if(yych != ';') goto yy2;
- goto yy86;
-yy86: yych = *++YYCURSOR;
- goto yy87;
-yy87:
-#line 239 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+ goto yy84;
+yy84: ++YYCURSOR;
+ goto yy85;
+yy85:
+#line 304 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
{
int id;
return 0;
}
+ if (*rval != NULL) {
zval_ptr_dtor(rval);
+ }
*rval = *rval_ref;
(*rval)->refcount++;
(*rval)->is_ref = 1;
return 1;
}
-#line 660 "re2c-output.c"
+#line 672 "<stdout>"
}
-#line 431 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
+#line 513 "/usr/src/PHP_4_3_0/ext/standard/var_unserializer.re"
return 0;
projects / php / commitdiff