diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-01-03 14:32:04 +0100 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-01-03 14:32:30 +0100 |
| commit | 40b2f82380d508e22d50a97a6af4c04b7c04ed86 (patch) | |
| tree | 93f8cd82749d8ee7d4184601a68ac0cb58a20e4c | |
| parent | 3e5675d730c6fb099ebb1b9f645bdb3ba6b86d85 (diff) | |
| parent | b48f2625b57f70eea858033e623e6bf13b595e3b (diff) | |
| download | php-git-40b2f82380d508e22d50a97a6af4c04b7c04ed86.tar.gz | |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fix #79015: undefined-behavior in php_date.c
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | ext/date/php_date.c | 12 | ||||
| -rw-r--r-- | ext/date/tests/bug79015.phpt | 42 |
3 files changed, 52 insertions, 5 deletions
@@ -20,6 +20,9 @@ PHP NEWS - CURL: . Fixed bug #79033 (Curl timeout error with specific url and post). (cmb) +- Date: + . Fixed bug #79015 (undefined-behavior in php_date.c). (cmb) + - Exif: . Fixed bug #79046 (NaN to int cast undefined behavior in exif). (Nikita) diff --git a/ext/date/php_date.c b/ext/date/php_date.c index f049ae2526..ca34ad4d8c 100644 --- a/ext/date/php_date.c +++ b/ext/date/php_date.c @@ -4426,14 +4426,16 @@ static int php_date_interval_initialize_from_hash(zval **return_value, php_inter PHP_DATE_INTERVAL_READ_PROPERTY("h", h, timelib_sll, -1) PHP_DATE_INTERVAL_READ_PROPERTY("i", i, timelib_sll, -1) PHP_DATE_INTERVAL_READ_PROPERTY("s", s, timelib_sll, -1) - do { + { zval *z_arg = zend_hash_str_find(myht, "f", sizeof("f") - 1); + (*intobj)->diff->us = -1000000; if (z_arg) { - (*intobj)->diff->us = ((double)zval_get_double(z_arg) * 1000000); - } else { - (*intobj)->diff->us = (double) -1000000; + double val = zval_get_double(z_arg) * 1000000; + if (val >= 0 && val < 1000000) { + (*intobj)->diff->us = val; + } } - } while (0); + } PHP_DATE_INTERVAL_READ_PROPERTY("weekday", weekday, int, -1) PHP_DATE_INTERVAL_READ_PROPERTY("weekday_behavior", weekday_behavior, int, -1) PHP_DATE_INTERVAL_READ_PROPERTY("first_last_day_of", first_last_day_of, int, -1) diff --git a/ext/date/tests/bug79015.phpt b/ext/date/tests/bug79015.phpt new file mode 100644 index 0000000000..5ebb13832b --- /dev/null +++ b/ext/date/tests/bug79015.phpt @@ -0,0 +1,42 @@ +--TEST-- +Bug #79015 (undefined-behavior in php_date.c) +--FILE-- +<?php +$payload = 'O:12:"DateInterval":16:{s:1:"y";i:1;s:1:"m";i:0;s:1:"d";i:4;s:1:"h";i:0;s:1:"i";i:0;s:1:"s";i:0;s:1:"f";i:9999999999990;s:7:"weekday";i:0;s:16:"weekday_behavior";i:0;s:17:"first_last_day_of";i:0;s:6:"invert";i:0;s:4:"days";b:0;s:12:"special_type";i:0;s:14:"special_amount";i:0;s:21:"have_weekday_relative";i:0;s:21:"have_special_relative";i:0;}'; +var_dump(unserialize($payload)); +?> +--EXPECTF-- +object(DateInterval)#%d (16) { + ["y"]=> + int(1) + ["m"]=> + int(0) + ["d"]=> + int(4) + ["h"]=> + int(0) + ["i"]=> + int(0) + ["s"]=> + int(0) + ["f"]=> + float(-1) + ["weekday"]=> + int(0) + ["weekday_behavior"]=> + int(0) + ["first_last_day_of"]=> + int(0) + ["invert"]=> + int(0) + ["days"]=> + bool(false) + ["special_type"]=> + int(0) + ["special_amount"]=> + int(0) + ["have_weekday_relative"]=> + int(0) + ["have_special_relative"]=> + int(0) +} |