diff options
author | Xinchen Hui <laruence@gmail.com> | 2016-04-07 19:28:54 +0800 |
---|---|---|
committer | Xinchen Hui <laruence@gmail.com> | 2016-04-07 19:28:54 +0800 |
commit | c85907682a14a6fa174cb4619c4afc8984260202 (patch) | |
tree | dff89ac70bc2d1ce023c9fe65807619ea7d4624f | |
parent | 079239a7cececfca9344b24f5bb1cca127d4bcc9 (diff) | |
download | php-git-c85907682a14a6fa174cb4619c4afc8984260202.tar.gz |
Improved fix for #71940
-rw-r--r-- | ext/standard/var.c | 8 | ||||
-rw-r--r-- | ext/standard/var_unserializer.c | 32 | ||||
-rw-r--r-- | ext/standard/var_unserializer.re | 2 |
3 files changed, 21 insertions, 21 deletions
diff --git a/ext/standard/var.c b/ext/standard/var.c index bc76699070..ca621dd8a4 100644 --- a/ext/standard/var.c +++ b/ext/standard/var.c @@ -1039,7 +1039,7 @@ PHP_FUNCTION(unserialize) if (!php_var_unserialize_ex(return_value, &p, p + buf_len, &var_hash, class_hash)) { PHP_VAR_UNSERIALIZE_DESTROY(var_hash); - if(class_hash) { + if (class_hash) { zend_hash_destroy(class_hash); FREE_HASHTABLE(class_hash); } @@ -1050,8 +1050,12 @@ PHP_FUNCTION(unserialize) } RETURN_FALSE; } + /* We should keep an reference to return_value to prevent it from being dtor + in case nesting calls to unserialize */ + var_push_dtor(&var_hash, return_value); + PHP_VAR_UNSERIALIZE_DESTROY(var_hash); - if(class_hash) { + if (class_hash) { zend_hash_destroy(class_hash); FREE_HASHTABLE(class_hash); } diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c index 03ba750873..389c42b3de 100644 --- a/ext/standard/var_unserializer.c +++ b/ext/standard/var_unserializer.c @@ -574,7 +574,7 @@ yy2: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy95; yy3: -#line 886 "ext/standard/var_unserializer.re" +#line 884 "ext/standard/var_unserializer.re" { return 0; } #line 580 "ext/standard/var_unserializer.c" yy4: @@ -619,7 +619,7 @@ yy13: goto yy3; yy14: ++YYCURSOR; -#line 880 "ext/standard/var_unserializer.re" +#line 878 "ext/standard/var_unserializer.re" { /* this is the case where we have less data than planned */ php_error_docref(NULL, E_NOTICE, "Unexpected end of serialized data"); @@ -655,7 +655,7 @@ yy20: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 735 "ext/standard/var_unserializer.re" +#line 733 "ext/standard/var_unserializer.re" { size_t len, len2, len3, maxlen; zend_long elements; @@ -825,7 +825,7 @@ yy27: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 728 "ext/standard/var_unserializer.re" +#line 726 "ext/standard/var_unserializer.re" { if (!var_hash) return 0; @@ -871,15 +871,13 @@ yy34: zend_hash_real_init(Z_ARRVAL_P(rval), 0); } - /* We should keep an reference to rval to prevent it from being dtor */ - var_push_dtor(var_hash, rval); if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_ARRVAL_P(rval), elements, 0)) { return 0; } return finish_nested_data(UNSERIALIZE_PASSTHRU); } -#line 883 "ext/standard/var_unserializer.c" +#line 881 "ext/standard/var_unserializer.c" yy39: yych = *++YYCURSOR; if (yych == '+') goto yy40; @@ -934,7 +932,7 @@ yy41: ZVAL_STR(rval, str); return 1; } -#line 938 "ext/standard/var_unserializer.c" +#line 936 "ext/standard/var_unserializer.c" yy46: yych = *++YYCURSOR; if (yych == '+') goto yy47; @@ -987,7 +985,7 @@ yy48: ZVAL_STRINGL(rval, str, len); return 1; } -#line 991 "ext/standard/var_unserializer.c" +#line 989 "ext/standard/var_unserializer.c" yy53: yych = *++YYCURSOR; if (yych <= '/') { @@ -1084,7 +1082,7 @@ use_double: ZVAL_DOUBLE(rval, zend_strtod((const char *)start + 2, NULL)); return 1; } -#line 1088 "ext/standard/var_unserializer.c" +#line 1086 "ext/standard/var_unserializer.c" yy65: yych = *++YYCURSOR; if (yych <= ',') { @@ -1159,7 +1157,7 @@ yy73: return 1; } -#line 1163 "ext/standard/var_unserializer.c" +#line 1161 "ext/standard/var_unserializer.c" yy76: yych = *++YYCURSOR; if (yych == 'N') goto yy73; @@ -1212,7 +1210,7 @@ yy79: ZVAL_LONG(rval, parse_iv(start + 2)); return 1; } -#line 1216 "ext/standard/var_unserializer.c" +#line 1214 "ext/standard/var_unserializer.c" yy83: yych = *++YYCURSOR; if (yych <= '/') goto yy18; @@ -1226,7 +1224,7 @@ yy83: ZVAL_BOOL(rval, parse_iv(start + 2)); return 1; } -#line 1230 "ext/standard/var_unserializer.c" +#line 1228 "ext/standard/var_unserializer.c" yy87: ++YYCURSOR; #line 573 "ext/standard/var_unserializer.re" @@ -1235,7 +1233,7 @@ yy87: ZVAL_NULL(rval); return 1; } -#line 1239 "ext/standard/var_unserializer.c" +#line 1237 "ext/standard/var_unserializer.c" yy89: yych = *++YYCURSOR; if (yych <= ',') { @@ -1283,7 +1281,7 @@ yy91: return 1; } -#line 1287 "ext/standard/var_unserializer.c" +#line 1285 "ext/standard/var_unserializer.c" yy95: yych = *++YYCURSOR; if (yych <= ',') { @@ -1332,9 +1330,9 @@ yy97: return 1; } -#line 1336 "ext/standard/var_unserializer.c" +#line 1334 "ext/standard/var_unserializer.c" } -#line 888 "ext/standard/var_unserializer.re" +#line 886 "ext/standard/var_unserializer.re" return 0; diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index 02478167f0..c7e0581630 100644 --- a/ext/standard/var_unserializer.re +++ b/ext/standard/var_unserializer.re @@ -716,8 +716,6 @@ use_double: zend_hash_real_init(Z_ARRVAL_P(rval), 0); } - /* We should keep an reference to rval to prevent it from being dtor */ - var_push_dtor(var_hash, rval); if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_ARRVAL_P(rval), elements, 0)) { return 0; } |