From: Ilia Alshanetsky <iliaa@php.net>
Date: Mon, 7 Feb 2005 22:32:31 +0000 (+0000)
Subject: MFH: Fixed bug #31527 (crash in msg_send() when non-string is stored without
X-Git-Tag: php-4.3.11RC1~74
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e2381946db55aec363d5c6e6e4bc7d2e2d99156e;p=php

MFH: Fixed bug #31527 (crash in msg_send() when non-string is stored without
being serialized).
---

diff --git a/NEWS b/NEWS
index 038c4aa9f1..52e7aa648d 100644
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,8 @@ PHP 4                                                                      NEWS
 - Fixed bug #31623 (OCILogin does not support password grace period).
   (daniel dot beet at accuratesoftware dot com, Tony)
 - Fixed bug #31580 (fgetcsv() problematic with "" escape sequences). (Ilia)
+- Fixed bug #31527 (crash in msg_send() when non-string is stored without
+  being serialized). (Ilia)
 - Fixed bug #31514 (open_basedir uses path_translated rather then cwd for .
   translation). (Ilia)
 - Fixed bug #31480 (Possible infinite loop in imap_mail_compose()). (Ilia)
diff --git a/ext/sysvmsg/sysvmsg.c b/ext/sysvmsg/sysvmsg.c
index e4d2efc31f..fcf180ba7b 100644
--- a/ext/sysvmsg/sysvmsg.c
+++ b/ext/sysvmsg/sysvmsg.c
@@ -367,10 +367,33 @@ PHP_FUNCTION(msg_send)
 		message_len = msg_var.len;
 		smart_str_free(&msg_var);
 	} else {
-		convert_to_string_ex(&message);
-		messagebuffer = emalloc(sizeof(struct php_msgbuf) + Z_STRLEN_P(message));
-		memcpy(messagebuffer->mtext, Z_STRVAL_P(message), Z_STRLEN_P(message) + 1);
-		message_len = Z_STRLEN_P(message);
+		char *p;
+		switch (Z_TYPE_P(message)) {
+			case IS_STRING:
+				p = Z_STRVAL_P(message);
+				message_len = Z_STRLEN_P(message);
+				break;
+
+			case IS_LONG:
+			case IS_BOOL:
+				message_len = spprintf(&p, 0, "%ld", Z_LVAL_P(message));
+				break;
+
+			case IS_DOUBLE:
+				message_len = spprintf(&p, 0, "%f", Z_DVAL_P(message));
+				break;
+
+			default:
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Message parameter must be either a string or a number.");
+				RETURN_FALSE;
+		}
+
+		messagebuffer = emalloc(sizeof(struct php_msgbuf) + message_len);
+		memcpy(messagebuffer->mtext, p, message_len + 1);
+
+		if (Z_TYPE_P(message) != IS_STRING) {
+			efree(p);
+		}
 	}
 	
 	/* set the message type */