[PHP-CVS] cvs: php-src(PHP_5_1) / NEWS /ext/wddx wddx.c /ext/wddx/tests bug34306.phpt

Wed, 31 Aug 2005 07:48:09 -0700 

sniper          Wed Aug 31 10:31:44 2005 EDT

  Added files:                 (Branch: PHP_5_1)
    /php-src/ext/wddx/tests     bug34306.phpt 

  Modified files:              
    /php-src    NEWS 
    /php-src/ext/wddx   wddx.c 
  Log:
  MFH:- Fixed bug #34306 (wddx_serialize_value() crashes with long array keys)
  
  
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.2027.2.34&r2=1.2027.2.35&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.34 php-src/NEWS:1.2027.2.35
--- php-src/NEWS:1.2027.2.34    Wed Aug 31 10:29:18 2005
+++ php-src/NEWS        Wed Aug 31 10:31:43 2005
@@ -14,6 +14,7 @@
 - Fixed "make test" to work for phpized extensions. (Hartmut, Jani)
 - Fixed failing queries (FALSE returned) with mysqli_query() on 64 bit systems.
   (Andrey)
+- Fixed bug #34306 (wddx_serialize_value() crashes with long array keys). 
(Jani)
 - Fixed bug #34302 (date('W') do not return leading zeros for week 1 to 9).
   (Derick)
 - Fixed bug #34299 (ReflectionClass::isInstantiable() returns true for abstract
http://cvs.php.net/diff.php/php-src/ext/wddx/wddx.c?r1=1.119.2.1&r2=1.119.2.2&ty=u
Index: php-src/ext/wddx/wddx.c
diff -u php-src/ext/wddx/wddx.c:1.119.2.1 php-src/ext/wddx/wddx.c:1.119.2.2
--- php-src/ext/wddx/wddx.c:1.119.2.1   Wed Aug 10 18:45:31 2005
+++ php-src/ext/wddx/wddx.c     Wed Aug 31 10:31:44 2005
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: wddx.c,v 1.119.2.1 2005/08/10 22:45:31 iliaa Exp $ */
+/* $Id: wddx.c,v 1.119.2.2 2005/08/31 14:31:44 sniper Exp $ */
 
 #include "php.h"
 
@@ -422,7 +422,7 @@
        tmp = *var;
        zval_copy_ctor(&tmp);
        convert_to_string(&tmp);
-       sprintf(tmp_buf, WDDX_NUMBER, Z_STRVAL(tmp));
+       snprintf(tmp_buf, Z_STRLEN(tmp), WDDX_NUMBER, Z_STRVAL(tmp));
        zval_dtor(&tmp);
 
        php_wddx_add_chunk(packet, tmp_buf);    
@@ -617,15 +617,17 @@
  */
 void php_wddx_serialize_var(wddx_packet *packet, zval *var, char *name, int 
name_len TSRMLS_DC)
 {
-       char tmp_buf[WDDX_BUF_LEN];
+       char *tmp_buf;
        char *name_esc;
        int name_esc_len;
        HashTable *ht;
 
        if (name) {
                name_esc = php_escape_html_entities(name, name_len, 
&name_esc_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
-               sprintf(tmp_buf, WDDX_VAR_S, name_esc);
+               tmp_buf = emalloc(name_esc_len + 1);
+               snprintf(tmp_buf, name_esc_len, WDDX_VAR_S, name_esc);
                php_wddx_add_chunk(packet, tmp_buf);
+               efree(tmp_buf);
                efree(name_esc);
        }
        

http://cvs.php.net/co.php/php-src/ext/wddx/tests/bug34306.phpt?r=1.1&p=1
Index: php-src/ext/wddx/tests/bug34306.phpt
+++ php-src/ext/wddx/tests/bug34306.phpt
--TEST--
#34306 (wddx_serialize_value() crashes with long array keys)
--FILE--
<?php

$var = 
array('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa12345678901234567890123456789012345678901234567890ba12345678901234567890123456789012345678901234567890ba12345678901234567890123456789012345678901234567890ba12345678901234567890123456789012345678901234567890b12345678901234567891234567890123123121231211111'
 => 1);
$buf = wddx_serialize_value($var, 'name');
echo "OK\n";

?>
--EXPECT--
OK

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to