From: Xinchen Hui Date: Mon, 11 Sep 2017 04:47:47 +0000 (+0800) Subject: Merge branch 'PHP-7.1' into PHP-7.2 X-Git-Tag: php-7.2.0RC2~24 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=82d4727dbb33a1ca9145b735fb4709c604178c76;p=php Merge branch 'PHP-7.1' into PHP-7.2 * PHP-7.1: Fixed bug #75152 (signed integer overflow in parse_iv) Conflicts: ext/standard/var_unserializer.c --- 82d4727dbb33a1ca9145b735fb4709c604178c76 diff --cc ext/standard/var_unserializer.c index 2c5ea75adb,f48c44660c..7e429a40bd --- a/ext/standard/var_unserializer.c +++ b/ext/standard/var_unserializer.c @@@ -652,7 -603,7 +644,7 @@@ static int php_var_unserialize_internal start = cursor; - #line 656 "ext/standard/var_unserializer.c" -#line 607 "ext/standard/var_unserializer.c" ++#line 648 "ext/standard/var_unserializer.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@@ -710,9 -661,9 +702,9 @@@ yy2: ++YYCURSOR; yy3: - #line 1043 "ext/standard/var_unserializer.re" -#line 982 "ext/standard/var_unserializer.re" ++#line 1035 "ext/standard/var_unserializer.re" { return 0; } - #line 716 "ext/standard/var_unserializer.c" -#line 667 "ext/standard/var_unserializer.c" ++#line 708 "ext/standard/var_unserializer.c" yy4: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy17; @@@ -759,13 -710,13 +751,13 @@@ yy14 goto yy3; yy15: ++YYCURSOR; - #line 1037 "ext/standard/var_unserializer.re" -#line 976 "ext/standard/var_unserializer.re" ++#line 1029 "ext/standard/var_unserializer.re" { /* this is the case where we have less data than planned */ php_error_docref(NULL, E_NOTICE, "Unexpected end of serialized data"); return 0; /* not sure if it should be 0 or 1 here? */ } - #line 769 "ext/standard/var_unserializer.c" -#line 720 "ext/standard/var_unserializer.c" ++#line 761 "ext/standard/var_unserializer.c" yy17: yych = *++YYCURSOR; if (yybm[0+yych] & 128) { @@@ -776,22 -728,29 +768,22 @@@ yy18 goto yy3; yy19: ++YYCURSOR; - #line 709 "ext/standard/var_unserializer.re" -#line 660 "ext/standard/var_unserializer.re" ++#line 701 "ext/standard/var_unserializer.re" { *p = YYCURSOR; ZVAL_NULL(rval); return 1; } - #line 786 "ext/standard/var_unserializer.c" -#line 738 "ext/standard/var_unserializer.c" ++#line 778 "ext/standard/var_unserializer.c" yy21: yych = *++YYCURSOR; - if (yych <= ',') { - if (yych == '+') goto yy33; - goto yy18; - } else { - if (yych <= '-') goto yy33; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy34; - goto yy18; - } + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy32; + goto yy18; yy22: yych = *++YYCURSOR; - if (yych == '+') goto yy36; if (yych <= '/') goto yy18; - if (yych <= '9') goto yy37; + if (yych <= '9') goto yy34; goto yy18; yy23: yych = *++YYCURSOR; @@@ -972,16 -975,16 +964,16 @@@ yy53 if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); yych = *YYCURSOR; if (yych <= '/') goto yy18; - if (yych <= '9') goto yy60; - if (yych <= ':') goto yy81; + if (yych <= '9') goto yy53; + if (yych <= ':') goto yy74; goto yy18; -yy62: +yy55: yych = *++YYCURSOR; - if (yych == '"') goto yy82; + if (yych == '"') goto yy75; goto yy18; -yy63: +yy56: ++YYCURSOR; - #line 660 "ext/standard/var_unserializer.re" -#line 611 "ext/standard/var_unserializer.re" ++#line 652 "ext/standard/var_unserializer.re" { zend_long id; @@@ -1006,27 -1009,27 +998,27 @@@ return 1; } - #line 1010 "ext/standard/var_unserializer.c" -#line 1013 "ext/standard/var_unserializer.c" -yy65: ++#line 1002 "ext/standard/var_unserializer.c" +yy58: yych = *++YYCURSOR; - if (yych == '"') goto yy84; + if (yych == '"') goto yy77; goto yy18; -yy66: +yy59: yych = *++YYCURSOR; - if (yych == '{') goto yy86; + if (yych == '{') goto yy79; goto yy18; -yy67: +yy60: ++YYCURSOR; - #line 715 "ext/standard/var_unserializer.re" -#line 666 "ext/standard/var_unserializer.re" ++#line 707 "ext/standard/var_unserializer.re" { *p = YYCURSOR; ZVAL_BOOL(rval, parse_iv(start + 2)); return 1; } - #line 1027 "ext/standard/var_unserializer.c" -#line 1030 "ext/standard/var_unserializer.c" -yy69: ++#line 1019 "ext/standard/var_unserializer.c" +yy62: ++YYCURSOR; - if ((YYLIMIT - YYCURSOR) < 4) YYFILL(4); + if ((YYLIMIT - YYCURSOR) < 3) YYFILL(3); yych = *YYCURSOR; if (yych <= ';') { if (yych <= '/') goto yy18; @@@ -1041,9 -1044,9 +1033,9 @@@ goto yy18; } } -yy71: +yy64: ++YYCURSOR; - #line 763 "ext/standard/var_unserializer.re" -#line 714 "ext/standard/var_unserializer.re" ++#line 755 "ext/standard/var_unserializer.re" { #if SIZEOF_ZEND_LONG == 4 use_double: @@@ -1052,29 -1055,29 +1044,29 @@@ ZVAL_DOUBLE(rval, zend_strtod((const char *)start + 2, NULL)); return 1; } - #line 1056 "ext/standard/var_unserializer.c" -#line 1059 "ext/standard/var_unserializer.c" -yy73: ++#line 1048 "ext/standard/var_unserializer.c" +yy66: yych = *++YYCURSOR; if (yych <= ',') { - if (yych == '+') goto yy88; + if (yych == '+') goto yy81; goto yy18; } else { - if (yych <= '-') goto yy88; + if (yych <= '-') goto yy81; if (yych <= '/') goto yy18; - if (yych <= '9') goto yy89; + if (yych <= '9') goto yy82; goto yy18; } -yy74: +yy67: yych = *++YYCURSOR; - if (yych == 'F') goto yy91; + if (yych == 'F') goto yy84; goto yy18; -yy75: +yy68: yych = *++YYCURSOR; - if (yych == 'N') goto yy91; + if (yych == 'N') goto yy84; goto yy18; -yy76: +yy69: ++YYCURSOR; - #line 721 "ext/standard/var_unserializer.re" -#line 672 "ext/standard/var_unserializer.re" ++#line 713 "ext/standard/var_unserializer.re" { #if SIZEOF_ZEND_LONG == 4 int digits = YYCURSOR - start - 3; @@@ -1100,14 -1103,14 +1092,14 @@@ ZVAL_LONG(rval, parse_iv(start + 2)); return 1; } - #line 1104 "ext/standard/var_unserializer.c" -#line 1107 "ext/standard/var_unserializer.c" -yy78: ++#line 1096 "ext/standard/var_unserializer.c" +yy71: yych = *++YYCURSOR; - if (yych == '"') goto yy92; + if (yych == '"') goto yy85; goto yy18; -yy79: +yy72: ++YYCURSOR; - #line 685 "ext/standard/var_unserializer.re" -#line 636 "ext/standard/var_unserializer.re" ++#line 677 "ext/standard/var_unserializer.re" { zend_long id; @@@ -1131,14 -1134,14 +1123,14 @@@ return 1; } - #line 1135 "ext/standard/var_unserializer.c" -#line 1138 "ext/standard/var_unserializer.c" -yy81: ++#line 1127 "ext/standard/var_unserializer.c" +yy74: yych = *++YYCURSOR; - if (yych == '"') goto yy94; + if (yych == '"') goto yy87; goto yy18; -yy82: +yy75: ++YYCURSOR; - #line 885 "ext/standard/var_unserializer.re" -#line 824 "ext/standard/var_unserializer.re" ++#line 877 "ext/standard/var_unserializer.re" { size_t len, len2, len3, maxlen; zend_long elements; @@@ -1290,10 -1293,10 +1282,10 @@@ return object_common2(UNSERIALIZE_PASSTHRU, elements); } - #line 1294 "ext/standard/var_unserializer.c" -#line 1297 "ext/standard/var_unserializer.c" -yy84: ++#line 1286 "ext/standard/var_unserializer.c" +yy77: ++YYCURSOR; - #line 810 "ext/standard/var_unserializer.re" -#line 755 "ext/standard/var_unserializer.re" ++#line 802 "ext/standard/var_unserializer.re" { size_t len, maxlen; zend_string *str; @@@ -1327,10 -1330,10 +1319,10 @@@ ZVAL_STR(rval, str); return 1; } - #line 1331 "ext/standard/var_unserializer.c" -#line 1334 "ext/standard/var_unserializer.c" -yy86: ++#line 1323 "ext/standard/var_unserializer.c" +yy79: ++YYCURSOR; - #line 844 "ext/standard/var_unserializer.re" -#line 789 "ext/standard/var_unserializer.re" ++#line 836 "ext/standard/var_unserializer.re" { zend_long elements = parse_iv(start + 2); /* use iv() not uiv() in order to check data range */ @@@ -1360,26 -1357,32 +1352,26 @@@ return finish_nested_data(UNSERIALIZE_PASSTHRU); } - #line 1364 "ext/standard/var_unserializer.c" -#line 1361 "ext/standard/var_unserializer.c" -yy88: ++#line 1356 "ext/standard/var_unserializer.c" +yy81: yych = *++YYCURSOR; - if (yych <= ',') { - if (yych == '+') goto yy96; - goto yy18; - } else { - if (yych <= '-') goto yy96; - if (yych <= '/') goto yy18; - if (yych >= ':') goto yy18; - } -yy89: + if (yych <= '/') goto yy18; + if (yych >= ':') goto yy18; +yy82: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); yych = *YYCURSOR; if (yych <= '/') goto yy18; - if (yych <= '9') goto yy89; - if (yych == ';') goto yy71; + if (yych <= '9') goto yy82; + if (yych == ';') goto yy64; goto yy18; -yy91: +yy84: yych = *++YYCURSOR; - if (yych == ';') goto yy97; + if (yych == ';') goto yy89; goto yy18; -yy92: +yy85: ++YYCURSOR; - #line 874 "ext/standard/var_unserializer.re" -#line 813 "ext/standard/var_unserializer.re" ++#line 866 "ext/standard/var_unserializer.re" { zend_long elements; if (!var_hash) return 0; @@@ -1390,10 -1393,10 +1382,10 @@@ } return object_common2(UNSERIALIZE_PASSTHRU, elements); } - #line 1394 "ext/standard/var_unserializer.c" -#line 1397 "ext/standard/var_unserializer.c" -yy94: ++#line 1386 "ext/standard/var_unserializer.c" +yy87: ++YYCURSOR; - #line 772 "ext/standard/var_unserializer.re" -#line 723 "ext/standard/var_unserializer.re" ++#line 764 "ext/standard/var_unserializer.re" { size_t len, maxlen; char *str; @@@ -1422,19 -1425,18 +1414,19 @@@ YYCURSOR += 2; *p = YYCURSOR; - ZVAL_STRINGL(rval, str, len); + if (len == 0) { + ZVAL_EMPTY_STRING(rval); + } else if (len == 1) { + ZVAL_INTERNED_STR(rval, ZSTR_CHAR((zend_uchar)*str)); + } else { + ZVAL_STRINGL(rval, str, len); + } return 1; } - #line 1435 "ext/standard/var_unserializer.c" -#line 1432 "ext/standard/var_unserializer.c" -yy96: - yych = *++YYCURSOR; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy89; - goto yy18; -yy97: ++#line 1427 "ext/standard/var_unserializer.c" +yy89: ++YYCURSOR; - #line 747 "ext/standard/var_unserializer.re" -#line 698 "ext/standard/var_unserializer.re" ++#line 739 "ext/standard/var_unserializer.re" { *p = YYCURSOR; @@@ -1450,9 -1452,9 +1442,9 @@@ return 1; } - #line 1454 "ext/standard/var_unserializer.c" -#line 1456 "ext/standard/var_unserializer.c" ++#line 1446 "ext/standard/var_unserializer.c" } - #line 1045 "ext/standard/var_unserializer.re" -#line 984 "ext/standard/var_unserializer.re" ++#line 1037 "ext/standard/var_unserializer.re" return 0;