From: Ilia Alshanetsky <iliaa@php.net>
Date: Wed, 28 Dec 2005 20:57:07 +0000 (+0000)
Subject: MFH: Fixed bug #35817 (unpack() does not decode odd number of hexadecimal
X-Git-Tag: php-4.4.2RC2~17
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2ac9f9c28bd016e9cdb2741e501b4d826bfb5c78;p=php

MFH: Fixed bug #35817 (unpack() does not decode odd number of hexadecimal
values)
---

diff --git a/NEWS b/NEWS
index 47310f362a..6e7113d4d1 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,8 @@ PHP 4                                                                      NEWS
 ?? ??? 2005, Version 4.4.2
 - Prevent header injection by limiting each header to a single line. (Ilia)
 - Fixed possible XSS inside error reporting functionality. (Ilia)
+- Fixed bug #35817 (unpack() does not decode odd number of hexadecimal values).
+  (Ilia)
 - Fixed bug #35735 ($EGREP not defined in configure). (Jani)
 - Fixed bug #35655 (whitespace following end of heredoc is lost). (Ilia)
 - Fixed bug #35646 (%{mod_php_memory_usage}n is not reset after exit). 
diff --git a/ext/standard/pack.c b/ext/standard/pack.c
index 3aeb2d2bee..d2f2134580 100644
--- a/ext/standard/pack.c
+++ b/ext/standard/pack.c
@@ -246,7 +246,7 @@ PHP_FUNCTION(pack)
 		switch ((int) code) {
 			case 'h': 
 			case 'H': 
-				INC_OUTPUTPOS((arg + 1) / 2,1)	/* 4 bit per arg */
+				INC_OUTPUTPOS((arg + (arg % 2)) / 2,1)	/* 4 bit per arg */
 				break;
 
 			case 'a': 
@@ -539,7 +539,7 @@ PHP_FUNCTION(unpack)
 	while (formatlen-- > 0) {
 		char type = *(format++);
 		char c;
-		int arg = 1;
+		int arg = 1, argb;
 		char *name;
 		int namelen;
 		int size=0;
@@ -564,6 +564,7 @@ PHP_FUNCTION(unpack)
 
 		/* Get of new value in array */
 		name = format;
+		argb = arg;
 
 		while (formatlen > 0 && *format != '/') {
 			formatlen--;
@@ -593,7 +594,7 @@ PHP_FUNCTION(unpack)
 
 			case 'h': 
 			case 'H': 
-				size = (arg > 0) ? arg / 2 : arg;
+				size = (arg > 0) ? (arg + (arg % 2)) / 2 : arg;
 				arg = 1;
 				break;
 
@@ -692,6 +693,8 @@ PHP_FUNCTION(unpack)
 							len = size * 2;
 						} 
 
+						len -= argb % 2;
+
 						buf = emalloc(len + 1);
 
 						for (ipos = opos = 0; opos < len; opos++) {
diff --git a/ext/standard/tests/strings/bug35817.phpt b/ext/standard/tests/strings/bug35817.phpt
new file mode 100644
index 0000000000..e2a752c4ab
--- /dev/null
+++ b/ext/standard/tests/strings/bug35817.phpt
@@ -0,0 +1,29 @@
+--TEST--
+Bug #35817 (unpack() does not decode odd number of hexadecimal values)
+--FILE--
+<?php
+$a = pack("H3","181");
+$b = unpack("H3", $a);
+var_dump($b);
+
+$a = pack("H2","18");
+$b = unpack("H2", $a);
+var_dump($b);
+
+$a = pack("H","1");
+$b = unpack("H", $a);
+var_dump($b);
+?>
+--EXPECT--
+array(1) {
+  [1]=>
+  string(3) "181"
+}
+array(1) {
+  [1]=>
+  string(2) "18"
+}
+array(1) {
+  [1]=>
+  string(1) "1"
+}