From: Ilia Alshanetsky <iliaa@php.net>
Date: Wed, 30 Nov 2005 18:10:19 +0000 (+0000)
Subject: Fixed bug #35410 (wddx_deserialize() doesn't handle large ints as keys
X-Git-Tag: php-5.1.2RC1~291
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c60079862b9fc5397be8f686186794ba5336b6bc;p=php

Fixed bug #35410 (wddx_deserialize() doesn't handle large ints as keys
properly).
---

diff --git a/NEWS b/NEWS
index 138b4e3294..517a24ca87 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,8 @@ PHP                                                                        NEWS
 - Fixed bug #35422 (strtotime() does not parse times with UTC as timezone).
   (Ilia)
 - Fixed bug #35414 (strtotime() no longer works with ordinal suffix). (Ilia)
+- Fixed bug #35410 (wddx_deserialize() doesn't handle large ints as keys 
+  properly). (Ilia)
 - Fixed bug #35409 (undefined reference to 'rl_completion_matches'). (Jani)
 - Fixed bug #35399 (Since fix of bug #35273 SOAP decoding of
   soapenc:base64binary fails). (Dmitry)
diff --git a/ext/wddx/tests/bug35410.phpt b/ext/wddx/tests/bug35410.phpt
new file mode 100755
index 0000000000..a14544d03c
--- /dev/null
+++ b/ext/wddx/tests/bug35410.phpt
@@ -0,0 +1,71 @@
+--TEST--
+#35410 (wddx_deserialize() doesn't handle large ints as keys properly)
+--FILE--
+<?php
+$wddx = <<<WDX
+<wddxpacket version="1.0">
+<header>
+<comment>Content Configuration File</comment>
+</header>
+<data>
+<struct>
+<var name="content_queries">
+<struct>
+<var name="content_113300831086270200">
+<struct>
+<var name="113301888545229100">
+<struct>
+<var name="max">
+<number>10</number>
+</var>
+<var name="cache">
+<number>4</number>
+</var>
+<var name="order">
+<struct>
+<var name="content_113300831086270200">
+<struct>
+<var name="CMS_BUILD">
+<string>desc</string>
+</var>
+</struct>
+</var>
+</struct>
+</var>
+</struct>
+</var>
+</struct>
+</var>
+</struct>
+</var>
+</struct>
+</data>
+</wddxpacket>
+WDX;
+
+var_dump(wddx_deserialize($wddx));
+?>
+--EXPECT--
+array(1) {
+  ["content_queries"]=>
+  array(1) {
+    ["content_113300831086270200"]=>
+    array(1) {
+      ["113301888545229100"]=>
+      array(3) {
+        ["max"]=>
+        int(10)
+        ["cache"]=>
+        int(4)
+        ["order"]=>
+        array(1) {
+          ["content_113300831086270200"]=>
+          array(1) {
+            ["CMS_BUILD"]=>
+            string(4) "desc"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/ext/wddx/wddx.c b/ext/wddx/wddx.c
index 2c1dd1dff0..e6f993590c 100644
--- a/ext/wddx/wddx.c
+++ b/ext/wddx/wddx.c
@@ -1005,11 +1005,15 @@ static void php_wddx_pop_element(void *user_data, const XML_Char *name)
 				
 						switch (is_numeric_string(ent1->varname, strlen(ent1->varname), &l, &d, 0)) {
 							case IS_DOUBLE:
+								if (d > INT_MAX) {
+									goto bigint;
+								}
 								l = (long) d;
 							case IS_LONG:
 								zend_hash_index_update(target_hash, l, &ent1->data, sizeof(zval *), NULL);
 								break;
 							default:
+bigint:
 								zend_hash_update(target_hash,ent1->varname, strlen(ent1->varname)+1, &ent1->data, sizeof(zval *), NULL);
 						}
 					}