From b7052ef16dccd5858626bb7899193cdc16853861 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Wed, 26 Feb 2014 13:33:55 +0800 Subject: [PATCH] Revert "Fixed unserialize implementation (it's complicated, this issue took me 4 hours :<, need some review)" This reverts commit 80a178015d6b162ff0ba7a8e8f5a08c88829cc3c. --- ext/standard/php_var.h | 4 ++ ext/standard/var_unserializer.c | 110 +++++++++++++++++-------------- ext/standard/var_unserializer.re | 48 +++++++++----- 3 files changed, 95 insertions(+), 67 deletions(-) diff --git a/ext/standard/php_var.h b/ext/standard/php_var.h index b5c18885f9..f2c00611db 100644 --- a/ext/standard/php_var.h +++ b/ext/standard/php_var.h @@ -113,9 +113,13 @@ do { \ } \ } while (0) +PHPAPI void var_replace(php_unserialize_data_t *var_hash, zval *ozval, zval *nzval); PHPAPI void var_push_dtor(php_unserialize_data_t *var_hash, zval *val); PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval *rval); PHPAPI void var_destroy(php_unserialize_data_t *var_hash); + +#define PHP_VAR_UNSERIALIZE_ZVAL_CHANGED(var_hash, ozval, nzval) \ + var_replace((var_hash), (ozval), &(nzval)) PHPAPI zend_class_entry *php_create_empty_class(char *class_name, int len); diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c index 6bbf22c8f4..fe7e0a1277 100644 --- a/ext/standard/var_unserializer.c +++ b/ext/standard/var_unserializer.c @@ -29,7 +29,7 @@ #define VAR_ENTRIES_DBG 0 typedef struct { - zval data[VAR_ENTRIES_MAX]; + zval *data[VAR_ENTRIES_MAX]; long used_slots; void *next; } var_entries; @@ -55,8 +55,7 @@ static inline void var_push(php_unserialize_data_t *var_hashx, zval *rval) (*var_hashx)->last = var_hash; } - ZVAL_COPY_VALUE(&var_hash->data[var_hash->used_slots], rval); - var_hash->used_slots++; + var_hash->data[var_hash->used_slots++] = rval; } PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval *rval) @@ -80,8 +79,8 @@ PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval *rval) (*var_hashx)->last_dtor = var_hash; } - ZVAL_COPY(&var_hash->data[var_hash->used_slots], rval); - var_hash->used_slots++; + Z_ADDREF_P(rval); + var_hash->data[var_hash->used_slots++] = rval; } PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval *rval) @@ -105,8 +104,26 @@ PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval *rva (*var_hashx)->last_dtor = var_hash; } - ZVAL_COPY_VALUE(&var_hash->data[var_hash->used_slots], rval); - var_hash->used_slots++; + var_hash->data[var_hash->used_slots++] = rval; +} + +PHPAPI void var_replace(php_unserialize_data_t *var_hashx, zval *ozval, zval *nzval) +{ + long i; + var_entries *var_hash = (*var_hashx)->first; +#if VAR_ENTRIES_DBG + fprintf(stderr, "var_replace(%ld): %d\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(nzval)); +#endif + + while (var_hash) { + for (i = 0; i < var_hash->used_slots; i++) { + if (var_hash->data[i] == ozval) { + var_hash->data[i] = nzval; + /* do not break here */ + } + } + var_hash = var_hash->next; + } } static int var_access(php_unserialize_data_t *var_hashx, long id, zval **store) @@ -125,7 +142,7 @@ static int var_access(php_unserialize_data_t *var_hashx, long id, zval **store) if (id < 0 || id >= var_hash->used_slots) return !SUCCESS; - *store = &var_hash->data[id]; + *store = var_hash->data[id]; return SUCCESS; } @@ -149,7 +166,7 @@ PHPAPI void var_destroy(php_unserialize_data_t *var_hashx) while (var_hash) { for (i = 0; i < var_hash->used_slots; i++) { - zval_ptr_dtor(&var_hash->data[i]); + zval_ptr_dtor(var_hash->data[i]); } next = var_hash->next; efree(var_hash); @@ -209,7 +226,7 @@ static char *unserialize_str(const unsigned char **p, size_t *len, size_t maxlen #define YYMARKER marker -#line 217 "ext/standard/var_unserializer.re" +#line 234 "ext/standard/var_unserializer.re" @@ -282,11 +299,6 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long return 0; } - if (var_hash && !Z_ISREF(key)) { - var_push(var_hash, &key); - } - - if (Z_TYPE(key) != IS_LONG && Z_TYPE(key) != IS_STRING) { zval_dtor(&key); return 0; @@ -298,10 +310,6 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long return 0; } - if (var_hash && !Z_ISREF(data)) { - var_push(var_hash, &data); - } - if (!objprops) { switch (Z_TYPE(key)) { case IS_LONG: @@ -428,12 +436,16 @@ PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER) return 0; } + if (var_hash && cursor[0] != 'R') { + var_push(var_hash, rval); + } + start = cursor; -#line 437 "ext/standard/var_unserializer.c" +#line 449 "ext/standard/var_unserializer.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@ -493,9 +505,9 @@ yy2: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy95; yy3: -#line 774 "ext/standard/var_unserializer.re" +#line 786 "ext/standard/var_unserializer.re" { return 0; } -#line 499 "ext/standard/var_unserializer.c" +#line 511 "ext/standard/var_unserializer.c" yy4: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy89; @@ -538,13 +550,13 @@ yy13: goto yy3; yy14: ++YYCURSOR; -#line 768 "ext/standard/var_unserializer.re" +#line 780 "ext/standard/var_unserializer.re" { /* this is the case where we have less data than planned */ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data"); return 0; /* not sure if it should be 0 or 1 here? */ } -#line 548 "ext/standard/var_unserializer.c" +#line 560 "ext/standard/var_unserializer.c" yy16: yych = *++YYCURSOR; goto yy3; @@ -574,7 +586,7 @@ yy20: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 629 "ext/standard/var_unserializer.re" +#line 641 "ext/standard/var_unserializer.re" { size_t len, len2, len3, maxlen; long elements; @@ -713,7 +725,7 @@ yy20: return object_common2(UNSERIALIZE_PASSTHRU, elements); } -#line 717 "ext/standard/var_unserializer.c" +#line 729 "ext/standard/var_unserializer.c" yy25: yych = *++YYCURSOR; if (yych <= ',') { @@ -738,7 +750,7 @@ yy27: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 621 "ext/standard/var_unserializer.re" +#line 633 "ext/standard/var_unserializer.re" { //??? INIT_PZVAL(rval); @@ -746,7 +758,7 @@ yy27: return object_common2(UNSERIALIZE_PASSTHRU, object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR)); } -#line 750 "ext/standard/var_unserializer.c" +#line 762 "ext/standard/var_unserializer.c" yy32: yych = *++YYCURSOR; if (yych == '+') goto yy33; @@ -767,7 +779,7 @@ yy34: yych = *++YYCURSOR; if (yych != '{') goto yy18; ++YYCURSOR; -#line 603 "ext/standard/var_unserializer.re" +#line 615 "ext/standard/var_unserializer.re" { long elements = parse_iv(start + 2); /* use iv() not uiv() in order to check data range */ @@ -785,7 +797,7 @@ yy34: return finish_nested_data(UNSERIALIZE_PASSTHRU); } -#line 789 "ext/standard/var_unserializer.c" +#line 801 "ext/standard/var_unserializer.c" yy39: yych = *++YYCURSOR; if (yych == '+') goto yy40; @@ -806,7 +818,7 @@ yy41: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 574 "ext/standard/var_unserializer.re" +#line 586 "ext/standard/var_unserializer.re" { size_t len, maxlen; char *str; @@ -835,7 +847,7 @@ yy41: ZVAL_STRINGL(rval, str, len); return 1; } -#line 839 "ext/standard/var_unserializer.c" +#line 851 "ext/standard/var_unserializer.c" yy46: yych = *++YYCURSOR; if (yych == '+') goto yy47; @@ -856,7 +868,7 @@ yy48: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 547 "ext/standard/var_unserializer.re" +#line 559 "ext/standard/var_unserializer.re" { size_t len, maxlen; char *str; @@ -883,7 +895,7 @@ yy48: ZVAL_STRINGL(rval, str, len); return 1; } -#line 887 "ext/standard/var_unserializer.c" +#line 899 "ext/standard/var_unserializer.c" yy53: yych = *++YYCURSOR; if (yych <= '/') { @@ -971,7 +983,7 @@ yy61: } yy63: ++YYCURSOR; -#line 538 "ext/standard/var_unserializer.re" +#line 550 "ext/standard/var_unserializer.re" { #if SIZEOF_LONG == 4 use_double: @@ -980,7 +992,7 @@ use_double: ZVAL_DOUBLE(rval, zend_strtod((const char *)start + 2, NULL)); return 1; } -#line 984 "ext/standard/var_unserializer.c" +#line 996 "ext/standard/var_unserializer.c" yy65: yych = *++YYCURSOR; if (yych <= ',') { @@ -1039,7 +1051,7 @@ yy73: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; -#line 522 "ext/standard/var_unserializer.re" +#line 534 "ext/standard/var_unserializer.re" { *p = YYCURSOR; @@ -1055,7 +1067,7 @@ yy73: return 1; } -#line 1059 "ext/standard/var_unserializer.c" +#line 1071 "ext/standard/var_unserializer.c" yy76: yych = *++YYCURSOR; if (yych == 'N') goto yy73; @@ -1082,7 +1094,7 @@ yy79: if (yych <= '9') goto yy79; if (yych != ';') goto yy18; ++YYCURSOR; -#line 496 "ext/standard/var_unserializer.re" +#line 508 "ext/standard/var_unserializer.re" { #if SIZEOF_LONG == 4 int digits = YYCURSOR - start - 3; @@ -1108,7 +1120,7 @@ yy79: ZVAL_LONG(rval, parse_iv(start + 2)); return 1; } -#line 1112 "ext/standard/var_unserializer.c" +#line 1124 "ext/standard/var_unserializer.c" yy83: yych = *++YYCURSOR; if (yych <= '/') goto yy18; @@ -1116,22 +1128,22 @@ yy83: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; -#line 490 "ext/standard/var_unserializer.re" +#line 502 "ext/standard/var_unserializer.re" { *p = YYCURSOR; ZVAL_BOOL(rval, parse_iv(start + 2)); return 1; } -#line 1126 "ext/standard/var_unserializer.c" +#line 1138 "ext/standard/var_unserializer.c" yy87: ++YYCURSOR; -#line 484 "ext/standard/var_unserializer.re" +#line 496 "ext/standard/var_unserializer.re" { *p = YYCURSOR; ZVAL_NULL(rval); return 1; } -#line 1135 "ext/standard/var_unserializer.c" +#line 1147 "ext/standard/var_unserializer.c" yy89: yych = *++YYCURSOR; if (yych <= ',') { @@ -1154,7 +1166,7 @@ yy91: if (yych <= '9') goto yy91; if (yych != ';') goto yy18; ++YYCURSOR; -#line 461 "ext/standard/var_unserializer.re" +#line 473 "ext/standard/var_unserializer.re" { long id; @@ -1177,7 +1189,7 @@ yy91: return 1; } -#line 1181 "ext/standard/var_unserializer.c" +#line 1193 "ext/standard/var_unserializer.c" yy95: yych = *++YYCURSOR; if (yych <= ',') { @@ -1200,7 +1212,7 @@ yy97: if (yych <= '9') goto yy97; if (yych != ';') goto yy18; ++YYCURSOR; -#line 441 "ext/standard/var_unserializer.re" +#line 453 "ext/standard/var_unserializer.re" { long id; @@ -1220,9 +1232,9 @@ yy97: return 1; } -#line 1224 "ext/standard/var_unserializer.c" +#line 1236 "ext/standard/var_unserializer.c" } -#line 776 "ext/standard/var_unserializer.re" +#line 788 "ext/standard/var_unserializer.re" return 0; diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index 592a01e8a1..a81e0ecb92 100644 --- a/ext/standard/var_unserializer.re +++ b/ext/standard/var_unserializer.re @@ -27,7 +27,7 @@ #define VAR_ENTRIES_DBG 0 typedef struct { - zval data[VAR_ENTRIES_MAX]; + zval *data[VAR_ENTRIES_MAX]; long used_slots; void *next; } var_entries; @@ -53,8 +53,7 @@ static inline void var_push(php_unserialize_data_t *var_hashx, zval *rval) (*var_hashx)->last = var_hash; } - ZVAL_COPY_VALUE(&var_hash->data[var_hash->used_slots], rval); - var_hash->used_slots++; + var_hash->data[var_hash->used_slots++] = rval; } PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval *rval) @@ -78,8 +77,8 @@ PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval *rval) (*var_hashx)->last_dtor = var_hash; } - ZVAL_COPY(&var_hash->data[var_hash->used_slots], rval); - var_hash->used_slots++; + Z_ADDREF_P(rval); + var_hash->data[var_hash->used_slots++] = rval; } PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval *rval) @@ -103,8 +102,26 @@ PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval *rva (*var_hashx)->last_dtor = var_hash; } - ZVAL_COPY_VALUE(&var_hash->data[var_hash->used_slots], rval); - var_hash->used_slots++; + var_hash->data[var_hash->used_slots++] = rval; +} + +PHPAPI void var_replace(php_unserialize_data_t *var_hashx, zval *ozval, zval *nzval) +{ + long i; + var_entries *var_hash = (*var_hashx)->first; +#if VAR_ENTRIES_DBG + fprintf(stderr, "var_replace(%ld): %d\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(nzval)); +#endif + + while (var_hash) { + for (i = 0; i < var_hash->used_slots; i++) { + if (var_hash->data[i] == ozval) { + var_hash->data[i] = nzval; + /* do not break here */ + } + } + var_hash = var_hash->next; + } } static int var_access(php_unserialize_data_t *var_hashx, long id, zval **store) @@ -123,7 +140,7 @@ static int var_access(php_unserialize_data_t *var_hashx, long id, zval **store) if (id < 0 || id >= var_hash->used_slots) return !SUCCESS; - *store = &var_hash->data[id]; + *store = var_hash->data[id]; return SUCCESS; } @@ -147,7 +164,7 @@ PHPAPI void var_destroy(php_unserialize_data_t *var_hashx) while (var_hash) { for (i = 0; i < var_hash->used_slots; i++) { - zval_ptr_dtor(&var_hash->data[i]); + zval_ptr_dtor(var_hash->data[i]); } next = var_hash->next; efree(var_hash); @@ -286,11 +303,6 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long return 0; } - if (var_hash && !Z_ISREF(key)) { - var_push(var_hash, &key); - } - - if (Z_TYPE(key) != IS_LONG && Z_TYPE(key) != IS_STRING) { zval_dtor(&key); return 0; @@ -302,10 +314,6 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long return 0; } - if (var_hash && !Z_ISREF(data)) { - var_push(var_hash, &data); - } - if (!objprops) { switch (Z_TYPE(key)) { case IS_LONG: @@ -432,6 +440,10 @@ PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER) return 0; } + if (var_hash && cursor[0] != 'R') { + var_push(var_hash, rval); + } + start = cursor; -- 2.40.0