Improved the fix for bug #67072, thanks Nikita

This commit is contained in:
Anatol Belski 2014-04-18 15:13:32 +02:00
parent 6e1e98d7b8
commit c2acdbdd3d
4 changed files with 50 additions and 44 deletions

View file

@ -156,10 +156,11 @@ object(TestNAOld)#%d (0) {
} }
===NANew=== ===NANew===
unserializer(TestNANew) unserializer(TestNANew)
TestNew::unserialize()
TestNew::__wakeup() Warning: Erroneous data format for unserializing 'TestNANew' in %s005.php on line %d
object(TestNANew)#%d (0) {
} Notice: unserialize(): Error at offset 19 of 20 bytes in %s005.php on line %d
bool(false)
===NANew2=== ===NANew2===
unserializer(TestNANew2) unserializer(TestNANew2)
TestNew::unserialize() TestNew::unserialize()

View file

@ -6,8 +6,7 @@ Bug #67072 Echoing unserialized "SplFileObject" crash
?> ?>
===DONE== ===DONE==
--EXPECTF-- --EXPECTF--
Fatal error: Uncaught exception 'Exception' with message 'Unserialization of 'SplFileObject' is not allowed' in %sbug67072.php:2 Warning: Erroneous data format for unserializing 'SplFileObject' in %sbug67072.php on line %d
Stack trace:
#0 %sbug67072.php(2): unserialize('O:13:"SplFileOb...') Notice: unserialize(): Error at offset 24 of 64 bytes in %sbug67072.php on line %d
#1 {main} ===DONE==
thrown in %sbug67072.php on line 2

View file

@ -1,4 +1,4 @@
/* Generated by re2c 0.13.5 on Thu Apr 17 10:03:26 2014 */ /* Generated by re2c 0.13.5 on Fri Apr 18 15:07:27 2014 */
#line 1 "ext/standard/var_unserializer.re" #line 1 "ext/standard/var_unserializer.re"
/* /*
+----------------------------------------------------------------------+ +----------------------------------------------------------------------+
@ -396,9 +396,12 @@ static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
(*p) += 2; (*p) += 2;
if (ce->unserialize == NULL) { if (ce->serialize == NULL) {
object_init_ex(*rval, ce); object_init_ex(*rval, ce);
} else if (ce->unserialize(rval, ce, (const unsigned char*)*p, elements, (zend_unserialize_data *)var_hash TSRMLS_CC) != SUCCESS) { } else {
/* If this class implements Serializable, it should not land here but in object_custom(). The passed string
obviously doesn't descend from the regular serializer. */
zend_error(E_WARNING, "Erroneous data format for unserializing '%s'", ce->name);
return 0; return 0;
} }
@ -466,7 +469,7 @@ PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
#line 470 "ext/standard/var_unserializer.c" #line 473 "ext/standard/var_unserializer.c"
{ {
YYCTYPE yych; YYCTYPE yych;
static const unsigned char yybm[] = { static const unsigned char yybm[] = {
@ -526,9 +529,9 @@ yy2:
yych = *(YYMARKER = ++YYCURSOR); yych = *(YYMARKER = ++YYCURSOR);
if (yych == ':') goto yy95; if (yych == ':') goto yy95;
yy3: yy3:
#line 821 "ext/standard/var_unserializer.re" #line 824 "ext/standard/var_unserializer.re"
{ return 0; } { return 0; }
#line 532 "ext/standard/var_unserializer.c" #line 535 "ext/standard/var_unserializer.c"
yy4: yy4:
yych = *(YYMARKER = ++YYCURSOR); yych = *(YYMARKER = ++YYCURSOR);
if (yych == ':') goto yy89; if (yych == ':') goto yy89;
@ -571,13 +574,13 @@ yy13:
goto yy3; goto yy3;
yy14: yy14:
++YYCURSOR; ++YYCURSOR;
#line 815 "ext/standard/var_unserializer.re" #line 818 "ext/standard/var_unserializer.re"
{ {
/* this is the case where we have less data than planned */ /* this is the case where we have less data than planned */
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data"); php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data");
return 0; /* not sure if it should be 0 or 1 here? */ return 0; /* not sure if it should be 0 or 1 here? */
} }
#line 581 "ext/standard/var_unserializer.c" #line 584 "ext/standard/var_unserializer.c"
yy16: yy16:
yych = *++YYCURSOR; yych = *++YYCURSOR;
goto yy3; goto yy3;
@ -607,7 +610,7 @@ yy20:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych != '"') goto yy18; if (yych != '"') goto yy18;
++YYCURSOR; ++YYCURSOR;
#line 669 "ext/standard/var_unserializer.re" #line 672 "ext/standard/var_unserializer.re"
{ {
size_t len, len2, len3, maxlen; size_t len, len2, len3, maxlen;
long elements; long elements;
@ -753,7 +756,7 @@ yy20:
return object_common2(UNSERIALIZE_PASSTHRU, elements); return object_common2(UNSERIALIZE_PASSTHRU, elements);
} }
#line 757 "ext/standard/var_unserializer.c" #line 760 "ext/standard/var_unserializer.c"
yy25: yy25:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych <= ',') { if (yych <= ',') {
@ -778,7 +781,7 @@ yy27:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych != '"') goto yy18; if (yych != '"') goto yy18;
++YYCURSOR; ++YYCURSOR;
#line 661 "ext/standard/var_unserializer.re" #line 664 "ext/standard/var_unserializer.re"
{ {
INIT_PZVAL(*rval); INIT_PZVAL(*rval);
@ -786,7 +789,7 @@ yy27:
return object_common2(UNSERIALIZE_PASSTHRU, return object_common2(UNSERIALIZE_PASSTHRU,
object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR)); object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR));
} }
#line 790 "ext/standard/var_unserializer.c" #line 793 "ext/standard/var_unserializer.c"
yy32: yy32:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych == '+') goto yy33; if (yych == '+') goto yy33;
@ -807,7 +810,7 @@ yy34:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych != '{') goto yy18; if (yych != '{') goto yy18;
++YYCURSOR; ++YYCURSOR;
#line 641 "ext/standard/var_unserializer.re" #line 644 "ext/standard/var_unserializer.re"
{ {
long elements = parse_iv(start + 2); long elements = parse_iv(start + 2);
/* use iv() not uiv() in order to check data range */ /* use iv() not uiv() in order to check data range */
@ -827,7 +830,7 @@ yy34:
return finish_nested_data(UNSERIALIZE_PASSTHRU); return finish_nested_data(UNSERIALIZE_PASSTHRU);
} }
#line 831 "ext/standard/var_unserializer.c" #line 834 "ext/standard/var_unserializer.c"
yy39: yy39:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych == '+') goto yy40; if (yych == '+') goto yy40;
@ -848,7 +851,7 @@ yy41:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych != '"') goto yy18; if (yych != '"') goto yy18;
++YYCURSOR; ++YYCURSOR;
#line 612 "ext/standard/var_unserializer.re" #line 615 "ext/standard/var_unserializer.re"
{ {
size_t len, maxlen; size_t len, maxlen;
char *str; char *str;
@ -877,7 +880,7 @@ yy41:
ZVAL_STRINGL(*rval, str, len, 0); ZVAL_STRINGL(*rval, str, len, 0);
return 1; return 1;
} }
#line 881 "ext/standard/var_unserializer.c" #line 884 "ext/standard/var_unserializer.c"
yy46: yy46:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych == '+') goto yy47; if (yych == '+') goto yy47;
@ -898,7 +901,7 @@ yy48:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych != '"') goto yy18; if (yych != '"') goto yy18;
++YYCURSOR; ++YYCURSOR;
#line 584 "ext/standard/var_unserializer.re" #line 587 "ext/standard/var_unserializer.re"
{ {
size_t len, maxlen; size_t len, maxlen;
char *str; char *str;
@ -926,7 +929,7 @@ yy48:
ZVAL_STRINGL(*rval, str, len, 1); ZVAL_STRINGL(*rval, str, len, 1);
return 1; return 1;
} }
#line 930 "ext/standard/var_unserializer.c" #line 933 "ext/standard/var_unserializer.c"
yy53: yy53:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych <= '/') { if (yych <= '/') {
@ -1014,7 +1017,7 @@ yy61:
} }
yy63: yy63:
++YYCURSOR; ++YYCURSOR;
#line 574 "ext/standard/var_unserializer.re" #line 577 "ext/standard/var_unserializer.re"
{ {
#if SIZEOF_LONG == 4 #if SIZEOF_LONG == 4
use_double: use_double:
@ -1024,7 +1027,7 @@ use_double:
ZVAL_DOUBLE(*rval, zend_strtod((const char *)start + 2, NULL)); ZVAL_DOUBLE(*rval, zend_strtod((const char *)start + 2, NULL));
return 1; return 1;
} }
#line 1028 "ext/standard/var_unserializer.c" #line 1031 "ext/standard/var_unserializer.c"
yy65: yy65:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych <= ',') { if (yych <= ',') {
@ -1083,7 +1086,7 @@ yy73:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych != ';') goto yy18; if (yych != ';') goto yy18;
++YYCURSOR; ++YYCURSOR;
#line 559 "ext/standard/var_unserializer.re" #line 562 "ext/standard/var_unserializer.re"
{ {
*p = YYCURSOR; *p = YYCURSOR;
INIT_PZVAL(*rval); INIT_PZVAL(*rval);
@ -1098,7 +1101,7 @@ yy73:
return 1; return 1;
} }
#line 1102 "ext/standard/var_unserializer.c" #line 1105 "ext/standard/var_unserializer.c"
yy76: yy76:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych == 'N') goto yy73; if (yych == 'N') goto yy73;
@ -1125,7 +1128,7 @@ yy79:
if (yych <= '9') goto yy79; if (yych <= '9') goto yy79;
if (yych != ';') goto yy18; if (yych != ';') goto yy18;
++YYCURSOR; ++YYCURSOR;
#line 532 "ext/standard/var_unserializer.re" #line 535 "ext/standard/var_unserializer.re"
{ {
#if SIZEOF_LONG == 4 #if SIZEOF_LONG == 4
int digits = YYCURSOR - start - 3; int digits = YYCURSOR - start - 3;
@ -1152,7 +1155,7 @@ yy79:
ZVAL_LONG(*rval, parse_iv(start + 2)); ZVAL_LONG(*rval, parse_iv(start + 2));
return 1; return 1;
} }
#line 1156 "ext/standard/var_unserializer.c" #line 1159 "ext/standard/var_unserializer.c"
yy83: yy83:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych <= '/') goto yy18; if (yych <= '/') goto yy18;
@ -1160,24 +1163,24 @@ yy83:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych != ';') goto yy18; if (yych != ';') goto yy18;
++YYCURSOR; ++YYCURSOR;
#line 525 "ext/standard/var_unserializer.re" #line 528 "ext/standard/var_unserializer.re"
{ {
*p = YYCURSOR; *p = YYCURSOR;
INIT_PZVAL(*rval); INIT_PZVAL(*rval);
ZVAL_BOOL(*rval, parse_iv(start + 2)); ZVAL_BOOL(*rval, parse_iv(start + 2));
return 1; return 1;
} }
#line 1171 "ext/standard/var_unserializer.c" #line 1174 "ext/standard/var_unserializer.c"
yy87: yy87:
++YYCURSOR; ++YYCURSOR;
#line 518 "ext/standard/var_unserializer.re" #line 521 "ext/standard/var_unserializer.re"
{ {
*p = YYCURSOR; *p = YYCURSOR;
INIT_PZVAL(*rval); INIT_PZVAL(*rval);
ZVAL_NULL(*rval); ZVAL_NULL(*rval);
return 1; return 1;
} }
#line 1181 "ext/standard/var_unserializer.c" #line 1184 "ext/standard/var_unserializer.c"
yy89: yy89:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych <= ',') { if (yych <= ',') {
@ -1200,7 +1203,7 @@ yy91:
if (yych <= '9') goto yy91; if (yych <= '9') goto yy91;
if (yych != ';') goto yy18; if (yych != ';') goto yy18;
++YYCURSOR; ++YYCURSOR;
#line 495 "ext/standard/var_unserializer.re" #line 498 "ext/standard/var_unserializer.re"
{ {
long id; long id;
@ -1223,7 +1226,7 @@ yy91:
return 1; return 1;
} }
#line 1227 "ext/standard/var_unserializer.c" #line 1230 "ext/standard/var_unserializer.c"
yy95: yy95:
yych = *++YYCURSOR; yych = *++YYCURSOR;
if (yych <= ',') { if (yych <= ',') {
@ -1246,7 +1249,7 @@ yy97:
if (yych <= '9') goto yy97; if (yych <= '9') goto yy97;
if (yych != ';') goto yy18; if (yych != ';') goto yy18;
++YYCURSOR; ++YYCURSOR;
#line 474 "ext/standard/var_unserializer.re" #line 477 "ext/standard/var_unserializer.re"
{ {
long id; long id;
@ -1267,9 +1270,9 @@ yy97:
return 1; return 1;
} }
#line 1271 "ext/standard/var_unserializer.c" #line 1274 "ext/standard/var_unserializer.c"
} }
#line 823 "ext/standard/var_unserializer.re" #line 826 "ext/standard/var_unserializer.re"
return 0; return 0;

View file

@ -400,9 +400,12 @@ static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
(*p) += 2; (*p) += 2;
if (ce->unserialize == NULL) { if (ce->serialize == NULL) {
object_init_ex(*rval, ce); object_init_ex(*rval, ce);
} else if (ce->unserialize(rval, ce, (const unsigned char*)*p, elements, (zend_unserialize_data *)var_hash TSRMLS_CC) != SUCCESS) { } else {
/* If this class implements Serializable, it should not land here but in object_custom(). The passed string
obviously doesn't descend from the regular serializer. */
zend_error(E_WARNING, "Erroneous data format for unserializing '%s'", ce->name);
return 0; return 0;
} }