ID: 43614 Updated by: [EMAIL PROTECTED] -Summary: incorrect processing of numerical string keys of array (unserialize) Reported By: dmitriy dot buldakov at toatech dot com -Status: Open +Status: Closed Bug Type: Arrays related Operating System: Mac OS X PHP Version: 5.2.5 New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Thanks for the patch. Previous Comments: ------------------------------------------------------------------------ [2007-12-18 14:38:41] dmitriy dot buldakov at toatech dot com Felipe, yes, you are right, yours code works good with "0" but still have problem with leading spaces. I mean that unserialize with yours patch converts string(" 9") to int(9). ------------------------------------------------------------------------ [2007-12-18 14:18:18] dmitriy dot buldakov at toatech dot com final version of the patch --- var_unserializer.c 2007-12-18 16:11:48.000000000 +0200 +++ var_unserializer.c.old 2007-12-18 16:11:32.000000000 +0200 @@ -288,10 +288,10 @@ static inline int process_nested_data(UN zend_hash_index_update(ht, Z_LVAL_P(key), &data, sizeof(data), NULL); break; case IS_STRING: - if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) { + if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) { var_push_dtor(var_hash, old_data); } - zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL); + zend_symtable_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL); break; } ------------------------------------------------------------------------ [2007-12-18 14:09:51] [EMAIL PROTECTED] No, it works fine with '0'. I improved the code and test now. Results: array(1) { [999999999]=> int(1) } array(1) { ["9999999999"]=> int(1) } array(1) { ["+1"]=> int(1) } array(1) { [11]=> int(1) } array(1) { ["00"]=> int(1) } array(1) { [0]=> int(1) } array(1) { ["-0"]=> int(1) } array(1) { ["-01"]=> int(1) } array(1) { [-10]=> int(1) } ------------------------------------------------------------------------ [2007-12-18 13:49:01] dmitriy dot buldakov at toatech dot com --- var_unserializer.c.orig 2007-12-18 12:13:16.000000000 +0200 +++ var_unserializer.c 2007-12-18 15:40:22.000000000 +0200 @@ -282,16 +282,10 @@ static inline int process_nested_data(UN switch (Z_TYPE_P(key)) { case IS_LONG: - if (zend_hash_index_find(ht, Z_LVAL_P(key), (void **)&old_data)==SUCCESS) { - var_push_dtor(var_hash, old_data); - } zend_hash_index_update(ht, Z_LVAL_P(key), &data, sizeof(data), NULL); break; case IS_STRING: - if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) { - var_push_dtor(var_hash, old_data); - } - zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL); + zend_symtable_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL); break; } ------------------------------------------------------------------------ [2007-12-18 13:46:45] dmitriy dot buldakov at toatech dot com The following code works well switch (Z_TYPE_P(key)) { case IS_LONG: zend_hash_index_update(ht, Z_LVAL_P(key), &data, sizeof(data), NULL); break; case IS_STRING: zend_symtable_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL); break; } but looks like still there is a problem here. compearing var_unserialize.c with array.c you can see that key array.c uses more sufficient key preparation. So, about the code - what should I do to put the code into repository? ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/43614 -- Edit this bug report at http://bugs.php.net/?id=43614&edit=1