Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:1918 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 14476 invoked from network); 22 May 2003 22:58:51 -0000 Received: from unknown (HELO moutng.kundenserver.de) (212.227.126.177) by pb1.pair.com with SMTP; 22 May 2003 22:58:51 -0000 Received: from [212.227.126.205] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 19Iz1L-0005uo-00; Fri, 23 May 2003 00:58:47 +0200 Received: from [217.80.180.225] (helo=[217.80.180.225]) by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1) id 19Iz1K-00042V-00; Fri, 23 May 2003 00:58:46 +0200 To: Dmitriy Myshkin Cc: internals@lists.php.net In-Reply-To: <1053642025.53293.17.camel@localhost> References: <200305211946.h4LJkAj04428@webp5.t3link.com> <1053639840.53293.14.camel@localhost> <1053642025.53293.17.camel@localhost> Content-Type: multipart/mixed; boundary="=-5aMgviYFacpFQKVM6by7" Organization: Message-ID: <1053644333.53293.21.camel@localhost> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.4 Date: 23 May 2003 00:58:54 +0200 Subject: Re: [PHP-DEV] severe serialize problem From: thekid@thekid.de (Timm Friebe) --=-5aMgviYFacpFQKVM6by7 Content-Type: text/plain Content-Transfer-Encoding: 7bit On Fri, 2003-05-23 at 00:20, Timm Friebe wrote: > On Thu, 2003-05-22 at 23:44, Timm Friebe wrote: > [...] > > These patches to php_incomplete_class.h and var_unserializer.re, though > > not thoroughly tested, fix this. > > Here's a patch to php_incomplete_class.h with corrected whitespace. Some > lines were indented with spaces instead of tabs... While I'm at it: This patch also gets rid of memory leaks that occur when using the unserialize_callback_func ini directive. - Timm --=-5aMgviYFacpFQKVM6by7 Content-Disposition: attachment; filename=var_unserializer.re.diff Content-Type: text/x-patch; name=var_unserializer.re.diff; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Index: ext/standard/var_unserializer.c =================================================================== RCS file: /repository/php4/ext/standard/var_unserializer.c,v retrieving revision 1.22 diff -u -r1.22 var_unserializer.c --- ext/standard/var_unserializer.c 18 May 2003 12:09:08 -0000 1.22 +++ ext/standard/var_unserializer.c 22 May 2003 22:56:15 -0000 @@ -1,5 +1,5 @@ -/* Generated by re2c 0.5 on Sun May 18 14:06:59 2003 */ -#line 1 "/usr/src/php5/ext/standard/var_unserializer.re" +/* Generated by re2c 0.5 on Fri May 23 00:54:47 2003 */ +#line 1 "/usr/home/thekid/devel/php/php5/ext/standard/var_unserializer.re" /* +----------------------------------------------------------------------+ | PHP Version 4 | @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: var_unserializer.c,v 1.22 2003/05/18 12:09:08 helly Exp $ */ +/* $Id: var_unserializer.re,v 1.14 2003/05/18 12:08:51 helly Exp $ */ #include "php.h" #include "ext/standard/php_var.h" @@ -339,7 +339,7 @@ yych = *(YYMARKER = ++YYCURSOR); if(yych == ':') goto yy74; yy4: -#line 430 +#line 441 { return 0; } yy5: yych = *++YYCURSOR; if(yych == ';') goto yy72; @@ -374,7 +374,7 @@ goto yy4; yy13: yych = *++YYCURSOR; yy14: -#line 424 +#line 435 { /* this is the case where we have less data than planned */ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data"); @@ -405,6 +405,7 @@ int len2; char *class_name; zend_class_entry *ce; + zend_class_entry **pce; int incomplete_class = 0; zval *user_func; @@ -425,50 +426,60 @@ class_name[len] = class_name[len] - 'A' + 'a'; } } - - if (zend_hash_find(CG(class_table), class_name, len2 + 1, (void **) &ce) != SUCCESS) { + + do { + /* Try to find class directly */ + if (zend_lookup_ns_class(class_name, len2, &pce TSRMLS_CC) == SUCCESS) { + ce = *pce; + break; + } + + /* Check for unserialize callback */ if ((PG(unserialize_callback_func) == NULL) || (PG(unserialize_callback_func)[0] == '\0')) { incomplete_class = 1; ce = PHP_IC_ENTRY; - } else { - MAKE_STD_ZVAL(user_func); - ZVAL_STRING(user_func, PG(unserialize_callback_func), 1); - - args[0] = &arg_func_name; - MAKE_STD_ZVAL(arg_func_name); - ZVAL_STRING(arg_func_name, class_name, 1); - - if (call_user_function_ex(CG(function_table), NULL, user_func, &retval_ptr, 1, args, 0, NULL TSRMLS_CC) != SUCCESS) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "defined (%s) but not found", user_func->value.str.val); - incomplete_class = 1; - ce = PHP_IC_ENTRY; - } else { - if (zend_hash_find(CG(class_table), class_name, len2 + 1, (void **) &ce) != SUCCESS) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "(%s) hasn't defined the class it was called for", user_func->value.str.val); - incomplete_class = 1; - ce = PHP_IC_ENTRY; - } else { -#ifdef ZEND_ENGINE_2 - ce = *(zend_class_entry **)ce; /* Bad hack, TBF! */ -#endif - efree(class_name); - } - } + break; + } + + /* Call unserialize callback */ + MAKE_STD_ZVAL(user_func); + ZVAL_STRING(user_func, PG(unserialize_callback_func), 1); + args[0] = &arg_func_name; + MAKE_STD_ZVAL(arg_func_name); + ZVAL_STRING(arg_func_name, class_name, 1); + if (call_user_function_ex(CG(function_table), NULL, user_func, &retval_ptr, 1, args, 0, NULL TSRMLS_CC) != SUCCESS) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "defined (%s) but not found", user_func->value.str.val); + incomplete_class = 1; + ce = PHP_IC_ENTRY; + zval_ptr_dtor(&user_func); + zval_ptr_dtor(&arg_func_name); + break; + } + if (retval_ptr) { + zval_ptr_dtor(&retval_ptr); + } + + /* The callback function may have defined the class */ + if (zend_lookup_ns_class(class_name, len2, &pce TSRMLS_CC) == SUCCESS) { + ce = *pce; + break; } - } else { -#ifdef ZEND_ENGINE_2 - ce = *(zend_class_entry **)ce; /* Bad hack, TBF! */ -#endif - efree(class_name); - } + php_error_docref(NULL TSRMLS_CC, E_WARNING, "(%s) hasn't defined the class it was called for", user_func->value.str.val); + incomplete_class = 1; + ce = PHP_IC_ENTRY; + zval_ptr_dtor(&user_func); + zval_ptr_dtor(&arg_func_name); + break; + } while (1); + *p = YYCURSOR; elements = object_common1(UNSERIALIZE_PASSTHRU, ce); if (incomplete_class) { php_store_class_name(*rval, class_name, len2); - efree(class_name); } + efree(class_name); return object_common2(UNSERIALIZE_PASSTHRU, elements); } @@ -797,7 +808,7 @@ return 1; } } -#line 432 +#line 443 return 0; --=-5aMgviYFacpFQKVM6by7--