(JSON extension includes a problematic license statement). (Jakub Zelenka)
. Fixed bug #68938 (json_decode() decodes empty string without error).
(jeremy at bat-country dot us)
+ . Fixed bug #68546 (json_decode() Fatal error: Cannot access property
+ started with '\0'). (Jakub Zelenka)
- LDAP
. Fixed bug #47222 (Implement LDAP_OPT_DIAGNOSTIC_MESSAGE). (Andreas Heigl)
REGISTER_LONG_CONSTANT("JSON_ERROR_RECURSION", PHP_JSON_ERROR_RECURSION, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("JSON_ERROR_INF_OR_NAN", PHP_JSON_ERROR_INF_OR_NAN, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("JSON_ERROR_UNSUPPORTED_TYPE", PHP_JSON_ERROR_UNSUPPORTED_TYPE, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("JSON_ERROR_INVALID_PROPERTY_NAME", PHP_JSON_ERROR_INVALID_PROPERTY_NAME, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("JSON_OBJECT_AS_ARRAY", PHP_JSON_OBJECT_AS_ARRAY, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("JSON_BIGINT_AS_STRING", PHP_JSON_BIGINT_AS_STRING, CONST_CS | CONST_PERSISTENT);
RETURN_STRING("Inf and NaN cannot be JSON encoded");
case PHP_JSON_ERROR_UNSUPPORTED_TYPE:
RETURN_STRING("Type is not supported");
+ case PHP_JSON_ERROR_INVALID_PROPERTY_NAME:
+ RETURN_STRING("The decoded property name is invalid");
default:
RETURN_STRING("Unknown error");
}
int php_json_yylex(union YYSTYPE *value, php_json_parser *parser);
void php_json_yyerror(php_json_parser *parser, char const *msg);
void php_json_parser_object_init(php_json_parser *parser, zval *object);
-void php_json_parser_object_update(php_json_parser *parser, zval *object, zend_string *key, zval *zvalue);
+int php_json_parser_object_update(php_json_parser *parser, zval *object, zend_string *key, zval *zvalue);
void php_json_parser_array_init(zval *object);
void php_json_parser_array_append(zval *array, zval *zvalue);
static const yytype_uint8 yyrline[] =
{
0, 92, 92, 98, 105, 105, 113, 114, 123, 126,
- 130, 135, 140, 147, 152, 159, 159, 167, 168, 177,
- 180, 184, 189, 194, 201, 202, 206, 207, 208, 209,
- 210, 211, 212, 213, 214, 215, 219
+ 130, 136, 142, 149, 154, 161, 161, 169, 170, 179,
+ 182, 186, 191, 196, 203, 204, 208, 209, 210, 211,
+ 212, 213, 214, 215, 216, 217, 221
};
#endif
{
php_json_parser_object_init(parser, &(yyval.value));
- php_json_parser_object_update(parser, &(yyval.value), (yyvsp[0].pair).key, &(yyvsp[0].pair).val);
+ if (php_json_parser_object_update(parser, &(yyval.value), (yyvsp[0].pair).key, &(yyvsp[0].pair).val) == FAILURE)
+ YYERROR;
}
break;
case 11:
{
- php_json_parser_object_update(parser, &(yyvsp[-2].value), (yyvsp[0].pair).key, &(yyvsp[0].pair).val);
+ if (php_json_parser_object_update(parser, &(yyvsp[-2].value), (yyvsp[0].pair).key, &(yyvsp[0].pair).val) == FAILURE)
+ YYERROR;
ZVAL_COPY_VALUE(&(yyval.value), &(yyvsp[-2].value));
}
}
}
-void php_json_parser_object_update(php_json_parser *parser, zval *object, zend_string *key, zval *zvalue)
+int php_json_parser_object_update(php_json_parser *parser, zval *object, zend_string *key, zval *zvalue)
{
/* if JSON_OBJECT_AS_ARRAY is set */
if (Z_TYPE_P(object) == IS_ARRAY) {
if (key->len == 0) {
zend_string_release(key);
key = zend_string_init("_empty_", sizeof("_empty_") - 1, 0);
+ } else if (key->val[0] == '\0') {
+ parser->scanner.errcode = PHP_JSON_ERROR_INVALID_PROPERTY_NAME;
+ zend_string_release(key);
+ zval_dtor(zvalue);
+ zval_dtor(object);
+ return FAILURE;
}
ZVAL_NEW_STR(&zkey, key);
zend_std_write_property(object, &zkey, zvalue, NULL);
}
}
zend_string_release(key);
+
+ return SUCCESS;
}
void php_json_parser_array_init(zval *array)
int php_json_yylex(union YYSTYPE *value, php_json_parser *parser);
void php_json_yyerror(php_json_parser *parser, char const *msg);
void php_json_parser_object_init(php_json_parser *parser, zval *object);
-void php_json_parser_object_update(php_json_parser *parser, zval *object, zend_string *key, zval *zvalue);
+int php_json_parser_object_update(php_json_parser *parser, zval *object, zend_string *key, zval *zvalue);
void php_json_parser_array_init(zval *object);
void php_json_parser_array_append(zval *array, zval *zvalue);
pair
{
php_json_parser_object_init(parser, &$$);
- php_json_parser_object_update(parser, &$$, $1.key, &$1.val);
+ if (php_json_parser_object_update(parser, &$$, $1.key, &$1.val) == FAILURE)
+ YYERROR;
}
| member ',' pair
{
- php_json_parser_object_update(parser, &$1, $3.key, &$3.val);
+ if (php_json_parser_object_update(parser, &$1, $3.key, &$3.val) == FAILURE)
+ YYERROR;
ZVAL_COPY_VALUE(&$$, &$1);
}
| member errlex
}
}
-void php_json_parser_object_update(php_json_parser *parser, zval *object, zend_string *key, zval *zvalue)
+int php_json_parser_object_update(php_json_parser *parser, zval *object, zend_string *key, zval *zvalue)
{
/* if JSON_OBJECT_AS_ARRAY is set */
if (Z_TYPE_P(object) == IS_ARRAY) {
if (key->len == 0) {
zend_string_release(key);
key = zend_string_init("_empty_", sizeof("_empty_") - 1, 0);
+ } else if (key->val[0] == '\0') {
+ parser->scanner.errcode = PHP_JSON_ERROR_INVALID_PROPERTY_NAME;
+ zend_string_release(key);
+ zval_dtor(zvalue);
+ zval_dtor(object);
+ return FAILURE;
}
ZVAL_NEW_STR(&zkey, key);
zend_std_write_property(object, &zkey, zvalue, NULL);
}
}
zend_string_release(key);
+
+ return SUCCESS;
}
void php_json_parser_array_init(zval *array)
PHP_JSON_ERROR_RECURSION,
PHP_JSON_ERROR_INF_OR_NAN,
PHP_JSON_ERROR_UNSUPPORTED_TYPE,
+ PHP_JSON_ERROR_INVALID_PROPERTY_NAME,
PHP_JSON_ERROR_UTF16
} php_json_error_code;
--- /dev/null
+--TEST--
+Bug #68546 (json_decode() Fatal error: Cannot access property started with '\0')
+--SKIPIF--
+<?php
+
+if (!extension_loaded('json')) die('skip');
+?>
+--FILE--
+<?php
+
+var_dump(json_decode('{"key": {"\u0000": "aa"}}'));
+var_dump(json_last_error() === JSON_ERROR_INVALID_PROPERTY_NAME);
+var_dump(json_decode('[{"key1": 0, "\u0000": 1}]'));
+var_dump(json_last_error() === JSON_ERROR_INVALID_PROPERTY_NAME);
+var_dump(json_last_error_msg());
+
+echo "Done\n";
+?>
+--EXPECTF--
+NULL
+bool(true)
+NULL
+bool(true)
+string(36) "The decoded property name is invalid"
+Done