From: Marcus Boerger
Date: Mon, 3 Oct 2005 17:58:47 +0000 (+0000)
Subject: - Throw an exception if an illegal string value is being used in ArrayObject::offsetSet()
X-Git-Tag: RELEASE_0_9_0~23
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=070ed3003958f23dbbfd591c83932b2ae7090da4;p=php
- Throw an exception if an illegal string value is being used in ArrayObject::offsetSet()
---
diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c
index adb83ccea4..67ac818285 100755
--- a/ext/spl/spl_array.c
+++ b/ext/spl/spl_array.c
@@ -305,6 +305,10 @@ static void spl_array_write_dimension_ex(int check_inherited, zval *object, zval
 case IS_STRING:
 case IS_BINARY:
 case IS_UNICODE:
+ if (*(char*)Z_UNIVAL_P(offset) == '\0') {
+ zend_throw_exception(U_CLASS_ENTRY(spl_ce_InvalidArgumentException), "An offset must not begin with \\0 or be empty", 0 TSRMLS_CC);
+ return;
+ }
 value->refcount++;
 zend_u_symtable_update(spl_array_get_hash_table(intern, 0 TSRMLS_CC), Z_TYPE_P(offset), Z_UNIVAL_P(offset), Z_UNILEN_P(offset)+1, (void**)&value, sizeof(void*), NULL);
 return;
diff --git a/ext/spl/tests/array_018.phpt b/ext/spl/tests/array_018.phpt
new file mode 100755
index 0000000000..0cb8827995
--- /dev/null
+++ b/ext/spl/tests/array_018.phpt
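Review bot: The guard `*(char*)Z_UNIVAL_P(offset) == '\0'` inspects a single byte, yet it is also reached through the `IS_UNICODE` label, where the offset buffer presumably holds 16-bit `UChar` units rather than bytes. In that case a zero first byte does not imply a leading U+0000 (U+0100 on a little-endian host, or any code unit below U+0100 on a big-endian one), so legitimate keys would be rejected with InvalidArgumentException. Test the first unit according to the offset type, e.g. `if (Z_TYPE_P(offset) == IS_UNICODE ? *(UChar*)Z_UNIVAL_P(offset) == 0 : *(char*)Z_UNIVAL_P(offset) == '\0') {`, and add an accepting case for such a key to array_018.phpt, which currently exercises only rejections. A leading NUL is the prefix PHP uses for mangled private/protected property names, so it is worth confirming that the read, isset and unset dimension handlers enforce the same rule; they are not visible here. The body of spl_array_write_dimension_ex starts and ends outside the hunk.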
@@ -0,0 +1,50 @@
+--TEST--
+SPL: ArrayObject and \0
+--SKIPIF--
+
+--FILE--
+offsetSet("\0", "Foo");
+}
+catch (Exception $e)
+{
+ var_dump($e->getMessage());
+}
+
+var_dump($foo);
+
+try
+{
+ $foo = new ArrayObject();
+ $data = explode("=", "=Foo");
+ $foo->offsetSet($data[0], $data[1]);
+}
+catch (Exception $e)
+{
+ var_dump($e->getMessage());
+}
+
+var_dump($foo);
+
+?>
+===DONE===
+--EXPECTF--
+string(44) "An offset must not begin with \0 or be empty"
+object(ArrayObject)#%d (0) {
+}
+string(44) "An offset must not begin with \0 or be empty"
+object(ArrayObject)#%d (0) {
+}
+===DONE===
+--UEXPECTF--
+unicode(44) "An offset must not begin with \0 or be empty"
+object(ArrayObject)#%d (0) {
+}
+unicode(44) "An offset must not begin with \0 or be empty"
+object(ArrayObject)#%d (0) {
+}
+===DONE===