Fixed bug #62852 Unserialize Invalid Date crash

author Anatol Belski <ab@php.net>

Fri, 15 Mar 2013 20:22:35 +0000 (21:22 +0100)

committer Anatol Belski <ab@php.net>

Fri, 15 Mar 2013 20:22:35 +0000 (21:22 +0100)
author Anatol Belski <ab@php.net>
Fri, 15 Mar 2013 20:22:35 +0000 (21:22 +0100)
committer Anatol Belski <ab@php.net>
Fri, 15 Mar 2013 20:22:35 +0000 (21:22 +0100)
diff --git a/NEWS b/NEWS

index 9dc334d6240cc6160f258ddab3292afae9c924ff..46e69d6228de6e7a7bfe1eda21242df3f6fe095a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,7 @@ PHP                                                                        NEWS
  - DateTime
    . Fixed bug #53437 (Crash when using unserialized DatePeriod instance).
      (Gustavo, Derick, Anatol)
+  . Fixed bug #62852 (Unserialize Invalid Date causes crash). (Anatol)
  
  07 Mar 2013, PHP 5.5.0 Alpha 6
  
diff --git a/ext/date/php_date.c b/ext/date/php_date.c

index 52241234cabb58595a0e285b3bdbd492bed5d1e2..b454dd0f06d467482ef496782658774889c2137e 100644 (file)
--- a/ext/date/php_date.c
+++ b/ext/date/php_date.c
@@ -2674,13 +2674,15 @@ static int php_date_initialize_from_hash(zval **return_value, php_date_obj **dat
                                         case TIMELIB_ZONETYPE_OFFSET:
                                         case TIMELIB_ZONETYPE_ABBR: {
                                                 char *tmp = emalloc(Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 2);
+                                               int ret;
                                                 snprintf(tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 2, "%s %s", Z_STRVAL_PP(z_date), Z_STRVAL_PP(z_timezone));
-                                               php_date_initialize(*dateobj, tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 1, NULL, NULL, 0 TSRMLS_CC);
+                                               ret = php_date_initialize(*dateobj, tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 1, NULL, NULL, 0 TSRMLS_CC);
                                                 efree(tmp);
-                                               return 1;
+                                               return 1 == ret;
                                         }
  
-                                       case TIMELIB_ZONETYPE_ID:
+                                       case TIMELIB_ZONETYPE_ID: {
+                                               int ret;
                                                 convert_to_string(*z_timezone);
  
                                                 tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC);
@@ -2691,9 +2693,10 @@ static int php_date_initialize_from_hash(zval **return_value, php_date_obj **dat
                                                 tzobj->tzi.tz = tzi;
                                                 tzobj->initialized = 1;
  
-                                               php_date_initialize(*dateobj, Z_STRVAL_PP(z_date), Z_STRLEN_PP(z_date), NULL, tmp_obj, 0 TSRMLS_CC);
+                                               ret = php_date_initialize(*dateobj, Z_STRVAL_PP(z_date), Z_STRLEN_PP(z_date), NULL, tmp_obj, 0 TSRMLS_CC);
                                                 zval_ptr_dtor(&tmp_obj);
-                                               return 1;
+                                               return 1 == ret;
+                                       }
                                 }
                         }
                 }
@@ -2717,7 +2720,9 @@ PHP_METHOD(DateTime, __set_state)
  
         php_date_instantiate(date_ce_date, return_value TSRMLS_CC);
         dateobj = (php_date_obj *) zend_object_store_get_object(return_value TSRMLS_CC);
-       php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC);
+       if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) {
+               php_error(E_ERROR, "Invalid serialization data for DateTime object");
+       }
  }
  /* }}} */
  
@@ -2737,7 +2742,9 @@ PHP_METHOD(DateTimeImmutable, __set_state)
  
         php_date_instantiate(date_ce_immutable, return_value TSRMLS_CC);
         dateobj = (php_date_obj *) zend_object_store_get_object(return_value TSRMLS_CC);
-       php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC);
+       if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) {
+               php_error(E_ERROR, "Invalid serialization data for DateTimeImmutable object");
+       }
  }
  /* }}} */
  
@@ -2753,7 +2760,9 @@ PHP_METHOD(DateTime, __wakeup)
  
         myht = Z_OBJPROP_P(object);
  
-       php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC);
+       if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) {
+               php_error(E_ERROR, "Invalid serialization data for DateTime object");
+       }
  }
  /* }}} */
  
diff --git a/ext/date/tests/bug62852.phpt b/ext/date/tests/bug62852.phpt

index 26de510215113b087396d6d4cdbccde39c730ee2..7013a3f97c52295fc04c45982be800f45be6351c 100644 (file)
--- a/ext/date/tests/bug62852.phpt
+++ b/ext/date/tests/bug62852.phpt
@@ -1,36 +1,14 @@
  --TEST--
-Bug #62852 (Unserialize invalid DateTime causes crash)
+Bug #62852 (Unserialize invalid DateTime causes crash), variation 1
  --INI--
  date.timezone=GMT
---XFAIL--
-bug is not fixed yet
  --FILE--
  <?php
  $s1 = 'O:8:"DateTime":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
-$s2 = 'O:3:"Foo":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
  
-global $foo;
-
-class Foo extends DateTime {
-    function __wakeup() {
-        global $foo;
-        $foo = $this;
-        parent::__wakeup();
-    }
-}
-
-// Old test case
  try {
      unserialize( $s1 );
  } catch ( Exception $e ) {}
  
-// My test case
-try {
-    unserialize( $s2 );
-} catch ( Exception $e ) {}
-var_dump( $foo );
-
-echo "okey";
-?>
  --EXPECTF--
-okey
+Fatal error: Invalid serialization data for DateTime object in %sbug62852.php on line %d
diff --git a/ext/date/tests/bug62852_var2.phpt b/ext/date/tests/bug62852_var2.phpt

new file mode 100644 (file)

index 0000000..f93ba28
--- /dev/null
+++ b/ext/date/tests/bug62852_var2.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Bug #62852 (Unserialize invalid DateTime causes crash), variation 2
+--INI--
+date.timezone=GMT
+--FILE--
+<?php
+$s2 = 'O:3:"Foo":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
+
+global $foo;
+
+class Foo extends DateTime {
+    function __wakeup() {
+        global $foo;
+        $foo = $this;
+        parent::__wakeup();
+    }
+}
+
+try {
+    unserialize( $s2 );
+} catch ( Exception $e ) {}
+var_dump( $foo );
+
+--EXPECTF--
+Fatal error: Invalid serialization data for DateTime object in %sbug62852_var2.php on line %d
diff --git a/ext/date/tests/bug62852_var3.phpt b/ext/date/tests/bug62852_var3.phpt

new file mode 100644 (file)

index 0000000..5a644b5
--- /dev/null
+++ b/ext/date/tests/bug62852_var3.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Bug #62852 (Unserialize invalid DateTime causes crash), variation 3
+--INI--
+date.timezone=GMT
+--FILE--
+<?php
+$s2 = 'O:3:"Foo":3:{s:4:"date";s:19:"0000-00-00 00:00:00";s:13:"timezone_type";i:0;s:8:"timezone";s:3:"UTC";}';
+
+global $foo;
+
+class Foo extends DateTime {
+    function __wakeup() {
+        global $foo;
+        $foo = $this;
+        parent::__wakeup();
+    }
+}
+
+try {
+    unserialize( $s2 );
+} catch ( Exception $e ) {}
+var_dump( $foo );
+
+--EXPECTF--
+Fatal error: Invalid serialization data for DateTime object in %sbug62852_var3.php on line %d
author	Anatol Belski <ab@php.net>
	Fri, 15 Mar 2013 20:22:35 +0000 (21:22 +0100)
committer	Anatol Belski <ab@php.net>
	Fri, 15 Mar 2013 20:22:35 +0000 (21:22 +0100)
NEWS		patch \| blob \| history
ext/date/php_date.c		patch \| blob \| history
ext/date/tests/bug62852.phpt		patch \| blob \| history
ext/date/tests/bug62852_var2.phpt	[new file with mode: 0644]	patch \| blob
ext/date/tests/bug62852_var3.phpt	[new file with mode: 0644]	patch \| blob