archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 13:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixed OSS fuzz issues #55589, #55599, and #55727

Browse source
This commit is contained in:
Derick Rethans 2023-02-07 13:24:01 +00:00
parent 81aedad452
commit 5d9ee8f920
6 changed files with 52 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitattributes vendored
View file

@ -23,3 +23,6 @@
**/*_arginfo.h linguist-generated
/Zend/zend_vm_execute.h linguist-generated
/Zend/zend_vm_opcodes.{h,c} linguist-generated
# The OSS fuzz files are bunary
/ext/date/tests/ossfuzz*.txt binary

12
ext/date/php_date.c
View file

@ -2706,6 +2706,7 @@ PHP_METHOD(DateTime, __set_state)
dateobj = Z_PHPDATE_P(return_value);
if (!php_date_initialize_from_hash(&dateobj, myht)) {
zend_throw_error(NULL, "Invalid serialization data for DateTime object");
RETURN_THROWS();
}
}
/* }}} */
@ -2727,6 +2728,7 @@ PHP_METHOD(DateTimeImmutable, __set_state)
dateobj = Z_PHPDATE_P(return_value);
if (!php_date_initialize_from_hash(&dateobj, myht)) {
zend_throw_error(NULL, "Invalid serialization data for DateTimeImmutable object");
RETURN_THROWS();
}
}
/* }}} */
@ -2789,7 +2791,7 @@ static void restore_custom_datetime_properties(zval *object, HashTable *myht)
zval *prop_val;
ZEND_HASH_MAP_FOREACH_STR_KEY_VAL(myht, prop_name, prop_val) {
if (date_time_is_internal_property(prop_name)) {
if (!prop_name || (Z_TYPE_P(prop_val) == IS_REFERENCE) || date_time_is_internal_property(prop_name)) {
continue;
}
add_property_zval_ex(object, ZSTR_VAL(prop_name), ZSTR_LEN(prop_name), prop_val);
@ -2813,6 +2815,7 @@ PHP_METHOD(DateTime, __unserialize)
if (!php_date_initialize_from_hash(&dateobj, myht)) {
zend_throw_error(NULL, "Invalid serialization data for DateTime object");
RETURN_THROWS();
}
restore_custom_datetime_properties(object, myht);
@ -2836,6 +2839,7 @@ PHP_METHOD(DateTimeImmutable, __unserialize)
if (!php_date_initialize_from_hash(&dateobj, myht)) {
zend_throw_error(NULL, "Invalid serialization data for DateTimeImmutable object");
RETURN_THROWS();
}
restore_custom_datetime_properties(object, myht);
@ -3821,7 +3825,7 @@ static void restore_custom_datetimezone_properties(zval *object, HashTable *myht
zval *prop_val;
ZEND_HASH_MAP_FOREACH_STR_KEY_VAL(myht, prop_name, prop_val) {
if (date_timezone_is_internal_property(prop_name)) {
if (!prop_name || (Z_TYPE_P(prop_val) == IS_REFERENCE) || date_timezone_is_internal_property(prop_name)) {
continue;
}
add_property_zval_ex(object, ZSTR_VAL(prop_name), ZSTR_LEN(prop_name), prop_val);
@ -4449,7 +4453,7 @@ static void restore_custom_dateinterval_properties(zval *object, HashTable *myht
zval *prop_val;
ZEND_HASH_MAP_FOREACH_STR_KEY_VAL(myht, prop_name, prop_val) {
if (date_interval_is_internal_property(prop_name)) {
if (!prop_name || (Z_TYPE_P(prop_val) == IS_REFERENCE) || date_interval_is_internal_property(prop_name)) {
continue;
}
add_property_zval_ex(object, ZSTR_VAL(prop_name), ZSTR_LEN(prop_name), prop_val);
@ -5411,7 +5415,7 @@ static void restore_custom_dateperiod_properties(zval *object, HashTable *myht)
zval *prop_val;
ZEND_HASH_MAP_FOREACH_STR_KEY_VAL(myht, prop_name, prop_val) {
if (date_period_is_internal_property(prop_name)) {
if (!prop_name || (Z_TYPE_P(prop_val) == IS_REFERENCE) || date_period_is_internal_property(prop_name)) {
continue;
}
add_property_zval_ex(object, ZSTR_VAL(prop_name), ZSTR_LEN(prop_name), prop_val);

1
ext/date/tests/ossfuzz-55589.txt Normal file
View file

@ -0,0 +1 @@
|O:12:"DaTeInterval":2:{i:2;r:1;i:0;R:2;

1
ext/date/tests/ossfuzz-55599.txt Normal file
View file

@ -0,0 +1 @@
|O:8:"DateTime":1:{i:1;d:2;

BIN
ext/date/tests/ossfuzz-55727.txt Normal file
View file

Binary file not shown.

39
ext/date/tests/unserialize-test.phpt Normal file
View file

@ -0,0 +1,39 @@
--TEST--
Test DateInterval::__unserialize OSS fuzz issues
--FILE--
<?php
$files = [
'ossfuzz-55589.txt',
'ossfuzz-55599.txt',
'ossfuzz-55727.txt',
];
foreach ($files as $file) {
echo "{$file}: ";
$s = file_get_contents(__DIR__ . "/{$file}");
try {
$x = unserialize(substr($s, strpos($s, "|") + 1));
} catch (Error $e) {
echo get_class($e), ': ', $e->getMessage(), "\n";
}
var_dump($x);
echo "\n\n";
}
?>
--EXPECTF--
ossfuzz-55589.txt:
%s: unserialize(): Error at offset 39 of 39 bytes in %sunserialize-test.php on line 14
bool(false)
ossfuzz-55599.txt:
%s: unserialize(): Error at offset 26 of 26 bytes in %sunserialize-test.php on line 14
Error: Invalid serialization data for DateTime object
bool(false)
ossfuzz-55727.txt:
%s: unserialize(): Error at offset 230 of 509 bytes in %sunserialize-test.php on line 14
bool(false)