diff options
author | Stanislav Malyshev <stas@php.net> | 2016-08-07 16:26:52 -0700 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2016-08-17 13:45:00 +0200 |
commit | b2d89c93e85504ccfcd865213685b89ec1cafcf9 (patch) | |
tree | 9bd8281541a59c9327ee94db455ba9acacce1c6a | |
parent | 4dd455c6d28064f3d56ec2c928c37ff3ac6f38b8 (diff) | |
download | php-git-b2d89c93e85504ccfcd865213685b89ec1cafcf9.tar.gz |
Fix bug #72750: wddx_deserialize null dereference
(cherry picked from commit 6930a1d12c47aa1d2675837852910d177b0ceb11)
Conflicts:
ext/wddx/wddx.c
(cherry picked from commit f1486f0fd63e888028e625a5ae02f10cc729c4c7)
-rw-r--r-- | ext/wddx/tests/bug72750.phpt | 34 | ||||
-rw-r--r-- | ext/wddx/wddx.c | 6 |
2 files changed, 39 insertions, 1 deletions
diff --git a/ext/wddx/tests/bug72750.phpt b/ext/wddx/tests/bug72750.phpt new file mode 100644 index 0000000000..3a6794df28 --- /dev/null +++ b/ext/wddx/tests/bug72750.phpt @@ -0,0 +1,34 @@ +--TEST-- +Bug #72750: wddx_deserialize null dereference +--SKIPIF-- +<?php +if (!extension_loaded('wddx')) { + die('skip. wddx not available'); +} +?> +--FILE-- +<?php + +$xml = <<< XML +<?xml version='1.0'?> +<!DOCTYPE wddxPacket SYSTEM 'wddx_0100.dtd'> +<wddxPacket version='1.0'> +<header/> + <data> + <struct> + <var name='aBinary'> + <binary length='11'>\\tYmluYXJRhdGE=</binary> + </var> + </struct> + </data> +</wddxPacket> +XML; + +$array = wddx_deserialize($xml); +var_dump($array); +?> +--EXPECT-- +array(1) { + ["aBinary"]=> + string(0) "" +} diff --git a/ext/wddx/wddx.c b/ext/wddx/wddx.c index 11cf0be62e..40b41ba373 100644 --- a/ext/wddx/wddx.c +++ b/ext/wddx/wddx.c @@ -897,7 +897,11 @@ static void php_wddx_pop_element(void *user_data, const XML_Char *name) zend_string *new_str = php_base64_decode( (unsigned char *)Z_STRVAL(ent1->data), Z_STRLEN(ent1->data)); zval_ptr_dtor(&ent1->data); - ZVAL_STR(&ent1->data, new_str); + if (new_str) { + ZVAL_STR(&ent1->data, new_str); + } else { + ZVAL_EMPTY_STRING(&ent1->data); + } } /* Call __wakeup() method on the object. */ |