Re-fixed unserialize

Xinchen Hui 2014-02-26 15:51:53 +08:00
parent b7052ef16d
commit 24540362b0
3 changed files with 96 additions and 117 deletions


@ -51,6 +51,7 @@ typedef struct php_unserialize_data* php_unserialize_data_t;
PHPAPI void php_var_serialize(smart_str *buf, zval *struc, php_serialize_data_t *var_hash TSRMLS_DC);
PHPAPI int php_var_unserialize(zval *rval, const unsigned char **p, const unsigned char *max, php_unserialize_data_t *var_hash TSRMLS_DC);
PHPAPI int php_var_unserialize_intern(zval *rval, const unsigned char **p, const unsigned char *max, php_unserialize_data_t *var_hash TSRMLS_DC);
#define PHP_VAR_SERIALIZE_INIT(var_hash_ptr) \
do { \
@ -113,13 +114,9 @@ do { \
} \
} while (0)
PHPAPI void var_replace(php_unserialize_data_t *var_hash, zval *ozval, zval *nzval);
PHPAPI void var_push_dtor(php_unserialize_data_t *var_hash, zval *val);
PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval *rval);
PHPAPI void var_destroy(php_unserialize_data_t *var_hash);
#define PHP_VAR_UNSERIALIZE_ZVAL_CHANGED(var_hash, ozval, nzval) \
var_replace((var_hash), (ozval), &(nzval))
PHPAPI zend_class_entry *php_create_empty_class(char *class_name, int len);
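Review bot: php_var_unserialize_intern is exported with PHPAPI beside php_var_unserialize with an identical signature, and nothing in the header says which one a caller should use. The .c changes in this commit show the wrapper registering rval in var_hash (unless the input starts with 'R') before delegating, while the _intern variant does not, so calling the wrong one shifts the slot numbering that back-references depend on. A comment above the declaration would cover it, e.g. `/* Same as php_var_unserialize(), but does not register rval in var_hash; the caller must already have pushed it. */`. The second hunk also appears to drop var_replace and PHP_VAR_UNSERIALIZE_ZVAL_CHANGED from the public header, which would break out-of-tree callers and is worth stating in the commit description.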


@ -29,12 +29,12 @@
#define VAR_ENTRIES_DBG 0
typedef struct {
zval *data[VAR_ENTRIES_MAX];
zval data[VAR_ENTRIES_MAX];
long used_slots;
void *next;
} var_entries;
static inline void var_push(php_unserialize_data_t *var_hashx, zval *rval)
static inline zval *var_push(php_unserialize_data_t *var_hashx, zval *rval)
{
var_entries *var_hash = (*var_hashx)->last;
#if VAR_ENTRIES_DBG
@ -55,7 +55,8 @@ static inline void var_push(php_unserialize_data_t *var_hashx, zval *rval)
(*var_hashx)->last = var_hash;
}
var_hash->data[var_hash->used_slots++] = rval;
ZVAL_COPY_VALUE(&var_hash->data[var_hash->used_slots], rval);
return &var_hash->data[var_hash->used_slots++];
}
PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval *rval)
@ -79,8 +80,8 @@ PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval *rval)
(*var_hashx)->last_dtor = var_hash;
}
Z_ADDREF_P(rval);
var_hash->data[var_hash->used_slots++] = rval;
ZVAL_COPY(&var_hash->data[var_hash->used_slots], rval);
var_hash->used_slots++;
}
PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval *rval)
@ -104,26 +105,8 @@ PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval *rva
(*var_hashx)->last_dtor = var_hash;
}
var_hash->data[var_hash->used_slots++] = rval;
}
PHPAPI void var_replace(php_unserialize_data_t *var_hashx, zval *ozval, zval *nzval)
{
long i;
var_entries *var_hash = (*var_hashx)->first;
#if VAR_ENTRIES_DBG
fprintf(stderr, "var_replace(%ld): %d\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(nzval));
#endif
while (var_hash) {
for (i = 0; i < var_hash->used_slots; i++) {
if (var_hash->data[i] == ozval) {
var_hash->data[i] = nzval;
/* do not break here */
}
}
var_hash = var_hash->next;
}
ZVAL_COPY_VALUE(&var_hash->data[var_hash->used_slots], rval);
var_hash->used_slots++;
}
static int var_access(php_unserialize_data_t *var_hashx, long id, zval **store)
@ -142,7 +125,7 @@ static int var_access(php_unserialize_data_t *var_hashx, long id, zval **store)
if (id < 0 || id >= var_hash->used_slots) return !SUCCESS;
*store = var_hash->data[id];
*store = &var_hash->data[id];
return SUCCESS;
}
@ -166,7 +149,7 @@ PHPAPI void var_destroy(php_unserialize_data_t *var_hashx)
while (var_hash) {
for (i = 0; i < var_hash->used_slots; i++) {
zval_ptr_dtor(var_hash->data[i]);
zval_ptr_dtor(&var_hash->data[i]);
}
next = var_hash->next;
efree(var_hash);
@ -226,7 +209,7 @@ static char *unserialize_str(const unsigned char **p, size_t *len, size_t maxlen
#define YYMARKER marker
#line 234 "ext/standard/var_unserializer.re"
#line 217 "ext/standard/var_unserializer.re"
@ -292,10 +275,9 @@ static inline size_t parse_uiv(const unsigned char *p)
static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long elements, int objprops)
{
while (elements-- > 0) {
zval key, data, *old_data;
zval key, *data, d, *old_data;
if (!php_var_unserialize(&key, p, max, NULL TSRMLS_CC)) {
zval_dtor(&key);
if (!php_var_unserialize_intern(&key, p, max, NULL TSRMLS_CC)) {
return 0;
}
@ -304,8 +286,14 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long
return 0;
}
ZVAL_UNDEF(&data);
if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) {
if (var_hash && (*p)[0] != 'R') {
data = var_push(var_hash, data);
} else {
data = &d;
}
ZVAL_UNDEF(data);
if (!php_var_unserialize_intern(data, p, max, var_hash TSRMLS_CC)) {
zval_dtor(&key);
return 0;
}
@ -316,19 +304,19 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long
if ((old_data = zend_hash_index_find(ht, Z_LVAL(key))) != NULL) {
var_push_dtor(var_hash, old_data);
}
zend_hash_index_update(ht, Z_LVAL(key), &data);
zend_hash_index_update(ht, Z_LVAL(key), data);
break;
case IS_STRING:
if ((old_data = zend_symtable_find(ht, Z_STR(key))) != NULL) {
var_push_dtor(var_hash, old_data);
}
zend_symtable_update(ht, Z_STR(key), &data);
zend_symtable_update(ht, Z_STR(key), data);
break;
}
} else {
/* object properties should include no integers */
convert_to_string(&key);
zend_hash_update(ht, Z_STR(key), &data);
zend_hash_update(ht, Z_STR(key), data);
}
zval_dtor(&key);
@ -425,6 +413,15 @@ static inline int object_common2(UNSERIALIZE_PARAMETER, long elements)
#endif
PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
{
if (var_hash && (*p)[0] != 'R') {
var_push(var_hash, rval);
}
return php_var_unserialize_intern(UNSERIALIZE_PASSTHRU);
}
PHPAPI int php_var_unserialize_intern(UNSERIALIZE_PARAMETER)
{
const unsigned char *cursor, *limit, *marker, *start;
zval *rval_ref;
@ -436,16 +433,10 @@ PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
return 0;
}
if (var_hash && cursor[0] != 'R') {
var_push(var_hash, rval);
}
start = cursor;
#line 449 "ext/standard/var_unserializer.c"
#line 440 "ext/standard/var_unserializer.c"
{
YYCTYPE yych;
static const unsigned char yybm[] = {
@ -505,9 +496,9 @@ yy2:
yych = *(YYMARKER = ++YYCURSOR);
if (yych == ':') goto yy95;
yy3:
#line 786 "ext/standard/var_unserializer.re"
#line 777 "ext/standard/var_unserializer.re"
{ return 0; }
#line 511 "ext/standard/var_unserializer.c"
#line 502 "ext/standard/var_unserializer.c"
yy4:
yych = *(YYMARKER = ++YYCURSOR);
if (yych == ':') goto yy89;
@ -550,13 +541,13 @@ yy13:
goto yy3;
yy14:
++YYCURSOR;
#line 780 "ext/standard/var_unserializer.re"
#line 771 "ext/standard/var_unserializer.re"
{
/* this is the case where we have less data than planned */
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data");
return 0; /* not sure if it should be 0 or 1 here? */
}
#line 560 "ext/standard/var_unserializer.c"
#line 551 "ext/standard/var_unserializer.c"
yy16:
yych = *++YYCURSOR;
goto yy3;
@ -586,7 +577,7 @@ yy20:
yych = *++YYCURSOR;
if (yych != '"') goto yy18;
++YYCURSOR;
#line 641 "ext/standard/var_unserializer.re"
#line 632 "ext/standard/var_unserializer.re"
{
size_t len, len2, len3, maxlen;
long elements;
@ -725,7 +716,7 @@ yy20:
return object_common2(UNSERIALIZE_PASSTHRU, elements);
}
#line 729 "ext/standard/var_unserializer.c"
#line 720 "ext/standard/var_unserializer.c"
yy25:
yych = *++YYCURSOR;
if (yych <= ',') {
@ -750,7 +741,7 @@ yy27:
yych = *++YYCURSOR;
if (yych != '"') goto yy18;
++YYCURSOR;
#line 633 "ext/standard/var_unserializer.re"
#line 624 "ext/standard/var_unserializer.re"
{
//??? INIT_PZVAL(rval);
@ -758,7 +749,7 @@ yy27:
return object_common2(UNSERIALIZE_PASSTHRU,
object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR));
}
#line 762 "ext/standard/var_unserializer.c"
#line 753 "ext/standard/var_unserializer.c"
yy32:
yych = *++YYCURSOR;
if (yych == '+') goto yy33;
@ -779,7 +770,7 @@ yy34:
yych = *++YYCURSOR;
if (yych != '{') goto yy18;
++YYCURSOR;
#line 615 "ext/standard/var_unserializer.re"
#line 606 "ext/standard/var_unserializer.re"
{
long elements = parse_iv(start + 2);
/* use iv() not uiv() in order to check data range */
@ -797,7 +788,7 @@ yy34:
return finish_nested_data(UNSERIALIZE_PASSTHRU);
}
#line 801 "ext/standard/var_unserializer.c"
#line 792 "ext/standard/var_unserializer.c"
yy39:
yych = *++YYCURSOR;
if (yych == '+') goto yy40;
@ -818,7 +809,7 @@ yy41:
yych = *++YYCURSOR;
if (yych != '"') goto yy18;
++YYCURSOR;
#line 586 "ext/standard/var_unserializer.re"
#line 577 "ext/standard/var_unserializer.re"
{
size_t len, maxlen;
char *str;
@ -847,7 +838,7 @@ yy41:
ZVAL_STRINGL(rval, str, len);
return 1;
}
#line 851 "ext/standard/var_unserializer.c"
#line 842 "ext/standard/var_unserializer.c"
yy46:
yych = *++YYCURSOR;
if (yych == '+') goto yy47;
@ -868,7 +859,7 @@ yy48:
yych = *++YYCURSOR;
if (yych != '"') goto yy18;
++YYCURSOR;
#line 559 "ext/standard/var_unserializer.re"
#line 550 "ext/standard/var_unserializer.re"
{
size_t len, maxlen;
char *str;
@ -895,7 +886,7 @@ yy48:
ZVAL_STRINGL(rval, str, len);
return 1;
}
#line 899 "ext/standard/var_unserializer.c"
#line 890 "ext/standard/var_unserializer.c"
yy53:
yych = *++YYCURSOR;
if (yych <= '/') {
@ -983,7 +974,7 @@ yy61:
}
yy63:
++YYCURSOR;
#line 550 "ext/standard/var_unserializer.re"
#line 541 "ext/standard/var_unserializer.re"
{
#if SIZEOF_LONG == 4
use_double:
@ -992,7 +983,7 @@ use_double:
ZVAL_DOUBLE(rval, zend_strtod((const char *)start + 2, NULL));
return 1;
}
#line 996 "ext/standard/var_unserializer.c"
#line 987 "ext/standard/var_unserializer.c"
yy65:
yych = *++YYCURSOR;
if (yych <= ',') {
@ -1051,7 +1042,7 @@ yy73:
yych = *++YYCURSOR;
if (yych != ';') goto yy18;
++YYCURSOR;
#line 534 "ext/standard/var_unserializer.re"
#line 525 "ext/standard/var_unserializer.re"
{
*p = YYCURSOR;
@ -1067,7 +1058,7 @@ yy73:
return 1;
}
#line 1071 "ext/standard/var_unserializer.c"
#line 1062 "ext/standard/var_unserializer.c"
yy76:
yych = *++YYCURSOR;
if (yych == 'N') goto yy73;
@ -1094,7 +1085,7 @@ yy79:
if (yych <= '9') goto yy79;
if (yych != ';') goto yy18;
++YYCURSOR;
#line 508 "ext/standard/var_unserializer.re"
#line 499 "ext/standard/var_unserializer.re"
{
#if SIZEOF_LONG == 4
int digits = YYCURSOR - start - 3;
@ -1120,7 +1111,7 @@ yy79:
ZVAL_LONG(rval, parse_iv(start + 2));
return 1;
}
#line 1124 "ext/standard/var_unserializer.c"
#line 1115 "ext/standard/var_unserializer.c"
yy83:
yych = *++YYCURSOR;
if (yych <= '/') goto yy18;
@ -1128,22 +1119,22 @@ yy83:
yych = *++YYCURSOR;
if (yych != ';') goto yy18;
++YYCURSOR;
#line 502 "ext/standard/var_unserializer.re"
#line 493 "ext/standard/var_unserializer.re"
{
*p = YYCURSOR;
ZVAL_BOOL(rval, parse_iv(start + 2));
return 1;
}
#line 1138 "ext/standard/var_unserializer.c"
#line 1129 "ext/standard/var_unserializer.c"
yy87:
++YYCURSOR;
#line 496 "ext/standard/var_unserializer.re"
#line 487 "ext/standard/var_unserializer.re"
{
*p = YYCURSOR;
ZVAL_NULL(rval);
return 1;
}
#line 1147 "ext/standard/var_unserializer.c"
#line 1138 "ext/standard/var_unserializer.c"
yy89:
yych = *++YYCURSOR;
if (yych <= ',') {
@ -1166,7 +1157,7 @@ yy91:
if (yych <= '9') goto yy91;
if (yych != ';') goto yy18;
++YYCURSOR;
#line 473 "ext/standard/var_unserializer.re"
#line 464 "ext/standard/var_unserializer.re"
{
long id;
@ -1189,7 +1180,7 @@ yy91:
return 1;
}
#line 1193 "ext/standard/var_unserializer.c"
#line 1184 "ext/standard/var_unserializer.c"
yy95:
yych = *++YYCURSOR;
if (yych <= ',') {
@ -1212,7 +1203,7 @@ yy97:
if (yych <= '9') goto yy97;
if (yych != ';') goto yy18;
++YYCURSOR;
#line 453 "ext/standard/var_unserializer.re"
#line 444 "ext/standard/var_unserializer.re"
{
long id;
@ -1232,9 +1223,9 @@ yy97:
return 1;
}
#line 1236 "ext/standard/var_unserializer.c"
#line 1227 "ext/standard/var_unserializer.c"
}
#line 788 "ext/standard/var_unserializer.re"
#line 779 "ext/standard/var_unserializer.re"
return 0;
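Review bot: In process_nested_data the new line `data = var_push(var_hash, data);` passes `data` before it has been assigned, and the rewritten var_push reads through that pointer with `ZVAL_COPY_VALUE(&var_hash->data[var_hash->used_slots], rval)`. Every nested element of the serialized input, which is typically untrusted, therefore starts with a read through an indeterminate pointer. Initialise the local and push that instead: `ZVAL_UNDEF(&d); data = var_push(var_hash, &d);`. Separately, php_var_unserialize discards var_push's return value, so the slot var_access now returns as `&var_hash->data[id]` holds a copy taken before parsing rather than the parsed value; the `R:`/`r:` handlers are outside these hunks, so confirm that back-references to the top-level value still resolve. The same lines appear in ext/standard/var_unserializer.re, which is where the fix belongs, with this file regenerated from it afterwards.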


@ -27,12 +27,12 @@
#define VAR_ENTRIES_DBG 0
typedef struct {
zval *data[VAR_ENTRIES_MAX];
zval data[VAR_ENTRIES_MAX];
long used_slots;
void *next;
} var_entries;
static inline void var_push(php_unserialize_data_t *var_hashx, zval *rval)
static inline zval *var_push(php_unserialize_data_t *var_hashx, zval *rval)
{
var_entries *var_hash = (*var_hashx)->last;
#if VAR_ENTRIES_DBG
@ -53,7 +53,8 @@ static inline void var_push(php_unserialize_data_t *var_hashx, zval *rval)
(*var_hashx)->last = var_hash;
}
var_hash->data[var_hash->used_slots++] = rval;
ZVAL_COPY_VALUE(&var_hash->data[var_hash->used_slots], rval);
return &var_hash->data[var_hash->used_slots++];
}
PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval *rval)
@ -77,8 +78,8 @@ PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval *rval)
(*var_hashx)->last_dtor = var_hash;
}
Z_ADDREF_P(rval);
var_hash->data[var_hash->used_slots++] = rval;
ZVAL_COPY(&var_hash->data[var_hash->used_slots], rval);
var_hash->used_slots++;
}
PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval *rval)
@ -102,26 +103,8 @@ PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval *rva
(*var_hashx)->last_dtor = var_hash;
}
var_hash->data[var_hash->used_slots++] = rval;
}
PHPAPI void var_replace(php_unserialize_data_t *var_hashx, zval *ozval, zval *nzval)
{
long i;
var_entries *var_hash = (*var_hashx)->first;
#if VAR_ENTRIES_DBG
fprintf(stderr, "var_replace(%ld): %d\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(nzval));
#endif
while (var_hash) {
for (i = 0; i < var_hash->used_slots; i++) {
if (var_hash->data[i] == ozval) {
var_hash->data[i] = nzval;
/* do not break here */
}
}
var_hash = var_hash->next;
}
ZVAL_COPY_VALUE(&var_hash->data[var_hash->used_slots], rval);
var_hash->used_slots++;
}
static int var_access(php_unserialize_data_t *var_hashx, long id, zval **store)
@ -140,7 +123,7 @@ static int var_access(php_unserialize_data_t *var_hashx, long id, zval **store)
if (id < 0 || id >= var_hash->used_slots) return !SUCCESS;
*store = var_hash->data[id];
*store = &var_hash->data[id];
return SUCCESS;
}
@ -164,7 +147,7 @@ PHPAPI void var_destroy(php_unserialize_data_t *var_hashx)
while (var_hash) {
for (i = 0; i < var_hash->used_slots; i++) {
zval_ptr_dtor(var_hash->data[i]);
zval_ptr_dtor(&var_hash->data[i]);
}
next = var_hash->next;
efree(var_hash);
@ -296,10 +279,9 @@ static inline size_t parse_uiv(const unsigned char *p)
static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long elements, int objprops)
{
while (elements-- > 0) {
zval key, data, *old_data;
zval key, *data, d, *old_data;
if (!php_var_unserialize(&key, p, max, NULL TSRMLS_CC)) {
zval_dtor(&key);
if (!php_var_unserialize_intern(&key, p, max, NULL TSRMLS_CC)) {
return 0;
}
@ -308,8 +290,14 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long
return 0;
}
ZVAL_UNDEF(&data);
if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) {
if (var_hash && (*p)[0] != 'R') {
data = var_push(var_hash, data);
} else {
data = &d;
}
ZVAL_UNDEF(data);
if (!php_var_unserialize_intern(data, p, max, var_hash TSRMLS_CC)) {
zval_dtor(&key);
return 0;
}
@ -320,19 +308,19 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long
if ((old_data = zend_hash_index_find(ht, Z_LVAL(key))) != NULL) {
var_push_dtor(var_hash, old_data);
}
zend_hash_index_update(ht, Z_LVAL(key), &data);
zend_hash_index_update(ht, Z_LVAL(key), data);
break;
case IS_STRING:
if ((old_data = zend_symtable_find(ht, Z_STR(key))) != NULL) {
var_push_dtor(var_hash, old_data);
}
zend_symtable_update(ht, Z_STR(key), &data);
zend_symtable_update(ht, Z_STR(key), data);
break;
}
} else {
/* object properties should include no integers */
convert_to_string(&key);
zend_hash_update(ht, Z_STR(key), &data);
zend_hash_update(ht, Z_STR(key), data);
}
zval_dtor(&key);
@ -429,6 +417,15 @@ static inline int object_common2(UNSERIALIZE_PARAMETER, long elements)
#endif
PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
{
if (var_hash && (*p)[0] != 'R') {
var_push(var_hash, rval);
}
return php_var_unserialize_intern(UNSERIALIZE_PASSTHRU);
}
PHPAPI int php_var_unserialize_intern(UNSERIALIZE_PARAMETER)
{
const unsigned char *cursor, *limit, *marker, *start;
zval *rval_ref;
@ -440,14 +437,8 @@ PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
return 0;
}
if (var_hash && cursor[0] != 'R') {
var_push(var_hash, rval);
}
start = cursor;
/*!re2c
"R:" iv ";" {