ID:               38378
 Comment by:       grzegorz dot nosek at netart dot pl
 Reported By:      clemens at gutweiler dot net
 Status:           Open
 Bug Type:         WDDX related
 Operating System: Linux
 PHP Version:      4.4.3
 New Comment:

You also need something like the patch below because serialization of
plain integers is broken too. If you don't want to use full
WDDX_BUF_LEN, Z_STRLEN(tmp) + Z_STRLEN(WDDX_NUMBER) (or something)
might suffice.

Without the patch things like <number>1</number> seem to get eaten.

Trivial test case attached in the following diff.

--- php/ext/wddx/wddx.c~        Wed Aug 23 12:01:10 2006
+++ php/ext/wddx/wddx.c Wed Aug 23 12:00:35 2006
@@ -432,7 +432,7 @@
        tmp = *var;
        zval_copy_ctor(&tmp);
        convert_to_string(&tmp);
-       snprintf(tmp_buf, Z_STRLEN(tmp), WDDX_NUMBER, Z_STRVAL(tmp));
+       snprintf(tmp_buf, WDDX_BUF_LEN, WDDX_NUMBER, Z_STRVAL(tmp));
        zval_dtor(&tmp);

        php_wddx_add_chunk(packet, tmp_buf);
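Review bot: the new bound on the snprintf line is WDDX_BUF_LEN, but the declaration of tmp_buf is not part of this hunk, so nothing visible here confirms that the constant matches the buffer. If tmp_buf is a local array, sizeof(tmp_buf) would keep the bound tied to the buffer itself. The return value is still ignored, so a numeric string that does not fit would be truncated silently and lose its closing tag; comparing the result against the bound and failing the serialization would avoid emitting another malformed packet.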
--- /dev/null   Fri Jun 28 13:33:12 2002
+++ php/ext/wddx/tests/bug38738.phpt    Wed Aug 23 12:04:10 2006
@@ -0,0 +1,13 @@
+--TEST--
+Bug #38378     wddx_serialize_value geneates no wellformed xml
+--FILE--
+<?php
+
+$hash["int"] = 1;
+$hash["string"] = "test";
+
+print wddx_serialize_vars('hash')."\n";
+?>
+--EXPECT--
+<wddxPacket version='1.0'><header/><data><struct><var
name='hash'><struct><var name='int'><number>1</number></var><var
name='string'><string>test</string></var></struct></var></struct></data></wddxPacket>
+
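Review bot: the new test file is named bug38738.phpt while its title line and this report refer to bug #38378, so it will not be found by bug number; rename it to bug38378.phpt and fix the "geneates" typo in the --TEST-- title. The --EXPECT-- packet is wrapped across three lines in this mail and the continuation lines carry no leading "+", so the hunk will not apply as sent and should be attached unwrapped. $hash is also written to without first being initialized as an array.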


Previous Comments:
------------------------------------------------------------------------

[2006-08-21 14:36:48] sj at sjaensch dot org

When replacing sprintf() with snprintf(), the length of the resulting
string was calculated wrongly. Patch follows:


--- php-4.4.3/ext/wddx/wddx.c   Fri May 26 03:55:26 2006
+++ php-4.4.3-fixed/ext/wddx/wddx.c     Mon Aug 21 16:30:44 2006
@@ -626,12 +626,13 @@
 {
        char *tmp_buf;
        char *name_esc;
-       int name_esc_len;
+       int name_esc_len, tmp_buf_len;

        if (name) {
                name_esc = php_escape_html_entities(name, name_len,
&name_esc_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
-               tmp_buf = emalloc(name_esc_len + 1);
-               snprintf(tmp_buf, name_esc_len, WDDX_VAR_S, name_esc);
+               tmp_buf_len = name_esc_len + strlen(WDDX_VAR_S);
+               tmp_buf = emalloc(tmp_buf_len+1);
+               snprintf(tmp_buf, tmp_buf_len, WDDX_VAR_S, name_esc);
                php_wddx_add_chunk(packet, tmp_buf);
                efree(tmp_buf);
                efree(name_esc);
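Review bot: the snprintf bound on the last added line is tmp_buf_len, one less than the tmp_buf_len+1 bytes allocated on the line above it; passing the allocation size itself would make the relationship between buffer and bound obvious. The sizing works only because strlen(WDDX_VAR_S) counts the conversion specifier as slack, which deserves a short comment, and the snprintf return value is not checked, so a later change to the format string could truncate silently again.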

------------------------------------------------------------------------

[2006-08-17 13:06:20] hweidner at gmx dot net

The function wddx_serialize_vars seems also affected:

$array=array("aaa", "bbb", "ccc");
echo wddx_serialize_vars("array");

creates the broken XML code under PHP 4.4.3

<wddxPacket version='1.0'><header/><data><struct><var<array
length='3'><string>aaa</string><string>bbb</string><string>ccc</string></array></var></struct></data></wddxPacket>

------------------------------------------------------------------------

[2006-08-08 09:57:13] clemens at gutweiler dot net

Description:
------------
wddx_serialize_value generates an invalid wddx package/xml 
string.

In PHP version 4.4.2 the sample code works; in 4.4.3 it does not.

Reproduce code:
---------------
<?php
        $array = array(
                'index' => array(
                        1 => 'integer key',
                        'string' => 'string key'
                )
        );
        var_dump( wddx_serialize_value( $array ) );
?>


Expected result:
----------------
/web/cg/playground# /usr/local/php-4.4.2-fastcgi/bin/php 
wddx.php 

string(219) "<wddxPacket version='1.0'><header/
><data><struct><var name='index'><struct><var 
name='1'><string>integer key</string></var><var 
name='string'><string>string key</string></var></struct></
var></struct></data></wddxPacket>"


Actual result:
--------------
/web/cg/playground# /usr/local/php-4.4.3-fastcgi/bin/php 
wddx.php 

string(179) "<wddxPacket version='1.0'><header/
><data><struct><var <struct><string>integer key</string></
var><var n<string>string key</string></var></struct></var></
struct></data></wddxPacket>"



------------------------------------------------------------------------
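The size-argument mistake discussed in the comments above, reproduced with standard C snprintf as an added example (not code from the PHP source or from any commenter). The format strings are assumed from the packets quoted in the report, and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed format strings (from the packets quoted in the report); all
 * function names below are hypothetical. */
#define NUMBER_FMT "<number>%s</number>"
#define VAR_S_FMT  "<var name='%s'>"

/* Pre-fix pattern: the size argument is the length of the inserted value,
 * not the capacity of dst, so at most strlen(val) - 1 bytes are written. */
static char *number_buggy(char *dst, const char *val)
{
    snprintf(dst, strlen(val), NUMBER_FMT, val);
    return dst;
}

static char *var_buggy(char *dst, const char *name)
{
    snprintf(dst, strlen(name), VAR_S_FMT, name);
    return dst;
}

/* Fixed buffer: pass the real capacity; a return value >= cap means the
 * element was cut off, so report it instead of emitting broken XML. */
static int number_checked(char *dst, size_t cap, const char *val)
{
    int n = snprintf(dst, cap, NUMBER_FMT, val);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Heap buffer: measure, allocate need + 1, pass that same size. */
static char *var_sized(const char *name)
{
    int need = snprintf(NULL, 0, VAR_S_FMT, name);
    char *buf = need < 0 ? NULL : malloc((size_t)need + 1);
    if (buf != NULL)
        snprintf(buf, (size_t)need + 1, VAR_S_FMT, name);
    return buf;
}

int main(void)
{
    char buf[64], *v = var_sized("array");
    printf("buggy: \"%s\"\n", number_buggy(buf, "1"));
    printf("buggy: \"%s\"\n", var_buggy(buf, "array"));
    printf("cap 8: %d\n", number_checked(buf, 8, "1"));
    printf("sized: \"%s\"\n", v ? v : "(alloc failed)");
    free(v);
    return 0;
}
```

With the value "1" the buggy call has room only for the terminating NUL, which is why a plain integer element disappears entirely, and a five-character name yields the bare "<var" seen in the wddx_serialize_vars output.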

