diff options
| author | Nikita Popov <nikic@php.net> | 2016-09-06 12:59:35 +0200 |
|---|---|---|
| committer | Nikita Popov <nikic@php.net> | 2016-09-06 12:59:35 +0200 |
| commit | 09f7bb2082067baab56fe0f04a6531beef253d95 (patch) | |
| tree | 34777253f8148057c0a418e9a24bcf3cb03fd4fa | |
| parent | 5d394b3bb4b6e08049c4cb96c8c1c7a44074ad0e (diff) | |
| download | php-git-09f7bb2082067baab56fe0f04a6531beef253d95.tar.gz | |
Followup for bug #72785
Fix incorrect handling of nesting ... need to reset to the old
value afterwards.
| -rw-r--r-- | ext/standard/php_var.h | 1 | ||||
| -rw-r--r-- | ext/standard/var.c | 33 | ||||
| -rw-r--r-- | ext/standard/var_unserializer.c | 990 | ||||
| -rw-r--r-- | ext/standard/var_unserializer.re | 3 |
4 files changed, 529 insertions, 498 deletions
diff --git a/ext/standard/php_var.h b/ext/standard/php_var.h index 2d1cc5a40b..c9dbddeaac 100644 --- a/ext/standard/php_var.h +++ b/ext/standard/php_var.h @@ -50,6 +50,7 @@ PHPAPI php_serialize_data_t php_var_serialize_init(void); PHPAPI void php_var_serialize_destroy(php_serialize_data_t d); PHPAPI php_unserialize_data_t php_var_unserialize_init(void); PHPAPI void php_var_unserialize_destroy(php_unserialize_data_t d); +PHPAPI HashTable *php_var_unserialize_get_allowed_classes(php_unserialize_data_t d); PHPAPI void php_var_unserialize_set_allowed_classes(php_unserialize_data_t d, HashTable *classes); #define PHP_VAR_SERIALIZE_INIT(d) \ diff --git a/ext/standard/var.c b/ext/standard/var.c index 18d027f5aa..8722f3df34 100644 --- a/ext/standard/var.c +++ b/ext/standard/var.c @@ -1065,7 +1065,7 @@ PHP_FUNCTION(unserialize) const unsigned char *p; php_unserialize_data_t var_hash; zval *options = NULL, *classes = NULL; - HashTable *class_hash = NULL; + HashTable *class_hash = NULL, *prev_class_hash; if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|a", &buf, &buf_len, &options) == FAILURE) { RETURN_FALSE; @@ -1077,7 +1077,9 @@ PHP_FUNCTION(unserialize) p = (const unsigned char*) buf; PHP_VAR_UNSERIALIZE_INIT(var_hash); - if(options != NULL) { + + prev_class_hash = php_var_unserialize_get_allowed_classes(var_hash); + if (options != NULL) { classes = zend_hash_str_find(Z_ARRVAL_P(options), "allowed_classes", sizeof("allowed_classes")-1); if (classes && Z_TYPE_P(classes) != IS_ARRAY && Z_TYPE_P(classes) != IS_TRUE && Z_TYPE_P(classes) != IS_FALSE) { php_error_docref(NULL, E_WARNING, "allowed_classes option should be array or boolean"); @@ -1104,32 +1106,31 @@ PHP_FUNCTION(unserialize) } if (!php_var_unserialize(return_value, &p, p + buf_len, &var_hash)) { - PHP_VAR_UNSERIALIZE_DESTROY(var_hash); - if (class_hash) { - zend_hash_destroy(class_hash); - FREE_HASHTABLE(class_hash); - } zval_ptr_dtor(return_value); if (!EG(exception)) { php_error_docref(NULL, E_NOTICE, "Error at offset " ZEND_LONG_FMT " of %zd bytes", (zend_long)((char*)p - buf), buf_len); } - RETURN_FALSE; - } - /* We should keep an reference to return_value to prevent it from being dtor - in case nesting calls to unserialize */ - var_push_dtor(&var_hash, return_value); + RETVAL_FALSE; + } else { + /* We should keep an reference to return_value to prevent it from being dtor + in case nesting calls to unserialize */ + var_push_dtor(&var_hash, return_value); - /* Ensure return value is a value */ - if (Z_ISREF_P(return_value)) { - zend_unwrap_reference(return_value); + /* Ensure return value is a value */ + if (Z_ISREF_P(return_value)) { + zend_unwrap_reference(return_value); + } } - PHP_VAR_UNSERIALIZE_DESTROY(var_hash); if (class_hash) { zend_hash_destroy(class_hash); FREE_HASHTABLE(class_hash); } + + /* Reset to previous allowed_classes in case this is a nested call */ + php_var_unserialize_set_allowed_classes(var_hash, prev_class_hash); + PHP_VAR_UNSERIALIZE_DESTROY(var_hash); } /* }}} */ diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c index 18f80a8c7d..f3b997a6ef 100644 --- a/ext/standard/var_unserializer.c +++ b/ext/standard/var_unserializer.c @@ -1,4 +1,4 @@ -/* Generated by re2c 0.13.7.5 */ +/* Generated by re2c 0.16 */ #line 1 "ext/standard/var_unserializer.re" /* +----------------------------------------------------------------------+ @@ -59,6 +59,9 @@ PHPAPI void php_var_unserialize_destroy(php_unserialize_data_t d) { } } +PHPAPI HashTable *php_var_unserialize_get_allowed_classes(php_unserialize_data_t d) { + return d->allowed_classes; +} PHPAPI void php_var_unserialize_set_allowed_classes(php_unserialize_data_t d, HashTable *classes) { d->allowed_classes = classes; } @@ -280,7 +283,7 @@ static inline int unserialize_allowed_class( #define YYMARKER marker -#line 288 "ext/standard/var_unserializer.re" +#line 291 "ext/standard/var_unserializer.re" @@ -586,7 +589,7 @@ static int php_var_unserialize_internal(UNSERIALIZE_PARAMETER) start = cursor; -#line 590 "ext/standard/var_unserializer.c" +#line 593 "ext/standard/var_unserializer.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@ -623,112 +626,510 @@ static int php_var_unserialize_internal(UNSERIALIZE_PARAMETER) 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, }; - if ((YYLIMIT - YYCURSOR) < 7) YYFILL(7); yych = *YYCURSOR; switch (yych) { case 'C': - case 'O': goto yy13; + case 'O': goto yy4; case 'N': goto yy5; - case 'R': goto yy2; - case 'S': goto yy10; - case 'a': goto yy11; - case 'b': goto yy6; - case 'd': goto yy8; - case 'i': goto yy7; + case 'R': goto yy6; + case 'S': goto yy7; + case 'a': goto yy8; + case 'b': goto yy9; + case 'd': goto yy10; + case 'i': goto yy11; case 'o': goto yy12; - case 'r': goto yy4; - case 's': goto yy9; - case '}': goto yy14; - default: goto yy16; + case 'r': goto yy13; + case 's': goto yy14; + case '}': goto yy15; + default: goto yy2; } yy2: - yych = *(YYMARKER = ++YYCURSOR); - if (yych == ':') goto yy95; + ++YYCURSOR; yy3: -#line 956 "ext/standard/var_unserializer.re" +#line 959 "ext/standard/var_unserializer.re" { return 0; } -#line 652 "ext/standard/var_unserializer.c" +#line 653 "ext/standard/var_unserializer.c" yy4: yych = *(YYMARKER = ++YYCURSOR); - if (yych == ':') goto yy89; + if (yych == ':') goto yy17; goto yy3; yy5: yych = *++YYCURSOR; - if (yych == ';') goto yy87; + if (yych == ';') goto yy19; goto yy3; yy6: yych = *(YYMARKER = ++YYCURSOR); - if (yych == ':') goto yy83; + if (yych == ':') goto yy21; goto yy3; yy7: yych = *(YYMARKER = ++YYCURSOR); - if (yych == ':') goto yy77; + if (yych == ':') goto yy22; goto yy3; yy8: yych = *(YYMARKER = ++YYCURSOR); - if (yych == ':') goto yy53; + if (yych == ':') goto yy23; goto yy3; yy9: yych = *(YYMARKER = ++YYCURSOR); - if (yych == ':') goto yy46; + if (yych == ':') goto yy24; goto yy3; yy10: yych = *(YYMARKER = ++YYCURSOR); - if (yych == ':') goto yy39; + if (yych == ':') goto yy25; goto yy3; yy11: yych = *(YYMARKER = ++YYCURSOR); - if (yych == ':') goto yy32; + if (yych == ':') goto yy26; goto yy3; yy12: yych = *(YYMARKER = ++YYCURSOR); - if (yych == ':') goto yy25; + if (yych == ':') goto yy27; goto yy3; yy13: yych = *(YYMARKER = ++YYCURSOR); - if (yych == ':') goto yy17; + if (yych == ':') goto yy28; goto yy3; yy14: + yych = *(YYMARKER = ++YYCURSOR); + if (yych == ':') goto yy29; + goto yy3; +yy15: ++YYCURSOR; -#line 950 "ext/standard/var_unserializer.re" +#line 953 "ext/standard/var_unserializer.re" { /* this is the case where we have less data than planned */ php_error_docref(NULL, E_NOTICE, "Unexpected end of serialized data"); return 0; /* not sure if it should be 0 or 1 here? */ } -#line 701 "ext/standard/var_unserializer.c" -yy16: - yych = *++YYCURSOR; - goto yy3; +#line 706 "ext/standard/var_unserializer.c" yy17: yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy20; + goto yy31; } - if (yych == '+') goto yy19; + if (yych == '+') goto yy30; yy18: YYCURSOR = YYMARKER; goto yy3; yy19: + ++YYCURSOR; +#line 648 "ext/standard/var_unserializer.re" + { + *p = YYCURSOR; + ZVAL_NULL(rval); + return 1; +} +#line 724 "ext/standard/var_unserializer.c" +yy21: + yych = *++YYCURSOR; + if (yych <= ',') { + if (yych == '+') goto yy33; + goto yy18; + } else { + if (yych <= '-') goto yy33; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy34; + goto yy18; + } +yy22: + yych = *++YYCURSOR; + if (yych == '+') goto yy36; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy37; + goto yy18; +yy23: + yych = *++YYCURSOR; + if (yych == '+') goto yy39; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy40; + goto yy18; +yy24: + yych = *++YYCURSOR; + if (yych <= '/') goto yy18; + if (yych <= '1') goto yy42; + goto yy18; +yy25: + yych = *++YYCURSOR; + if (yych <= '/') { + if (yych <= ',') { + if (yych == '+') goto yy43; + goto yy18; + } else { + if (yych <= '-') goto yy44; + if (yych <= '.') goto yy45; + goto yy18; + } + } else { + if (yych <= 'I') { + if (yych <= '9') goto yy46; + if (yych <= 'H') goto yy18; + goto yy48; + } else { + if (yych == 'N') goto yy49; + goto yy18; + } + } +yy26: + yych = *++YYCURSOR; + if (yych <= ',') { + if (yych == '+') goto yy50; + goto yy18; + } else { + if (yych <= '-') goto yy50; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy51; + goto yy18; + } +yy27: + yych = *++YYCURSOR; + if (yych <= ',') { + if (yych == '+') goto yy53; + goto yy18; + } else { + if (yych <= '-') goto yy53; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy54; + goto yy18; + } +yy28: + yych = *++YYCURSOR; + if (yych <= ',') { + if (yych == '+') goto yy56; + goto yy18; + } else { + if (yych <= '-') goto yy56; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy57; + goto yy18; + } +yy29: + yych = *++YYCURSOR; + if (yych == '+') goto yy59; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy60; + goto yy18; +yy30: yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy20; + goto yy31; } goto yy18; -yy20: +yy31: ++YYCURSOR; if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); yych = *YYCURSOR; if (yybm[0+yych] & 128) { - goto yy20; + goto yy31; } if (yych <= '/') goto yy18; - if (yych >= ';') goto yy18; + if (yych <= ':') goto yy62; + goto yy18; +yy33: yych = *++YYCURSOR; - if (yych != '"') goto yy18; + if (yych <= '/') goto yy18; + if (yych >= ':') goto yy18; +yy34: ++YYCURSOR; -#line 805 "ext/standard/var_unserializer.re" + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy34; + if (yych == ';') goto yy63; + goto yy18; +yy36: + yych = *++YYCURSOR; + if (yych <= '/') goto yy18; + if (yych >= ':') goto yy18; +yy37: + ++YYCURSOR; + if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); + yych = *YYCURSOR; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy37; + if (yych <= ':') goto yy65; + goto yy18; +yy39: + yych = *++YYCURSOR; + if (yych <= '/') goto yy18; + if (yych >= ':') goto yy18; +yy40: + ++YYCURSOR; + if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); + yych = *YYCURSOR; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy40; + if (yych <= ':') goto yy66; + goto yy18; +yy42: + yych = *++YYCURSOR; + if (yych == ';') goto yy67; + goto yy18; +yy43: + yych = *++YYCURSOR; + if (yych == '.') goto yy45; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy46; + goto yy18; +yy44: + yych = *++YYCURSOR; + if (yych <= '/') { + if (yych != '.') goto yy18; + } else { + if (yych <= '9') goto yy46; + if (yych == 'I') goto yy48; + goto yy18; + } +yy45: + yych = *++YYCURSOR; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy69; + goto yy18; +yy46: + ++YYCURSOR; + if ((YYLIMIT - YYCURSOR) < 4) YYFILL(4); + yych = *YYCURSOR; + if (yych <= ':') { + if (yych <= '.') { + if (yych <= '-') goto yy18; + goto yy69; + } else { + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy46; + goto yy18; + } + } else { + if (yych <= 'E') { + if (yych <= ';') goto yy71; + if (yych <= 'D') goto yy18; + goto yy73; + } else { + if (yych == 'e') goto yy73; + goto yy18; + } + } +yy48: + yych = *++YYCURSOR; + if (yych == 'N') goto yy74; + goto yy18; +yy49: + yych = *++YYCURSOR; + if (yych == 'A') goto yy75; + goto yy18; +yy50: + yych = *++YYCURSOR; + if (yych <= '/') goto yy18; + if (yych >= ':') goto yy18; +yy51: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy51; + if (yych == ';') goto yy76; + goto yy18; +yy53: + yych = *++YYCURSOR; + if (yych <= '/') goto yy18; + if (yych >= ':') goto yy18; +yy54: + ++YYCURSOR; + if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); + yych = *YYCURSOR; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy54; + if (yych <= ':') goto yy78; + goto yy18; +yy56: + yych = *++YYCURSOR; + if (yych <= '/') goto yy18; + if (yych >= ':') goto yy18; +yy57: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy57; + if (yych == ';') goto yy79; + goto yy18; +yy59: + yych = *++YYCURSOR; + if (yych <= '/') goto yy18; + if (yych >= ':') goto yy18; +yy60: + ++YYCURSOR; + if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); + yych = *YYCURSOR; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy60; + if (yych <= ':') goto yy81; + goto yy18; +yy62: + yych = *++YYCURSOR; + if (yych == '"') goto yy82; + goto yy18; +yy63: + ++YYCURSOR; +#line 597 "ext/standard/var_unserializer.re" + { + zend_long id; + + *p = YYCURSOR; + if (!var_hash) return 0; + + id = parse_iv(start + 2) - 1; + if (id == -1 || (rval_ref = var_access(var_hash, id)) == NULL) { + return 0; + } + + zval_ptr_dtor(rval); + if (Z_ISUNDEF_P(rval_ref) || (Z_ISREF_P(rval_ref) && Z_ISUNDEF_P(Z_REFVAL_P(rval_ref)))) { + ZVAL_UNDEF(rval); + return 1; + } + if (Z_ISREF_P(rval_ref)) { + ZVAL_COPY(rval, rval_ref); + } else { + ZVAL_NEW_REF(rval_ref, rval_ref); + ZVAL_COPY(rval, rval_ref); + } + + return 1; +} +#line 1000 "ext/standard/var_unserializer.c" +yy65: + yych = *++YYCURSOR; + if (yych == '"') goto yy84; + goto yy18; +yy66: + yych = *++YYCURSOR; + if (yych == '{') goto yy86; + goto yy18; +yy67: + ++YYCURSOR; +#line 654 "ext/standard/var_unserializer.re" + { + *p = YYCURSOR; + ZVAL_BOOL(rval, parse_iv(start + 2)); + return 1; +} +#line 1017 "ext/standard/var_unserializer.c" +yy69: + ++YYCURSOR; + if ((YYLIMIT - YYCURSOR) < 4) YYFILL(4); + yych = *YYCURSOR; + if (yych <= ';') { + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy69; + if (yych <= ':') goto yy18; + } else { + if (yych <= 'E') { + if (yych <= 'D') goto yy18; + goto yy73; + } else { + if (yych == 'e') goto yy73; + goto yy18; + } + } +yy71: + ++YYCURSOR; +#line 702 "ext/standard/var_unserializer.re" + { +#if SIZEOF_ZEND_LONG == 4 +use_double: +#endif + *p = YYCURSOR; + ZVAL_DOUBLE(rval, zend_strtod((const char *)start + 2, NULL)); + return 1; +} +#line 1046 "ext/standard/var_unserializer.c" +yy73: + yych = *++YYCURSOR; + if (yych <= ',') { + if (yych == '+') goto yy88; + goto yy18; + } else { + if (yych <= '-') goto yy88; + if (yych <= '/') goto yy18; + if (yych <= '9') goto yy89; + goto yy18; + } +yy74: + yych = *++YYCURSOR; + if (yych == 'F') goto yy91; + goto yy18; +yy75: + yych = *++YYCURSOR; + if (yych == 'N') goto yy91; + goto yy18; +yy76: + ++YYCURSOR; +#line 660 "ext/standard/var_unserializer.re" + { +#if SIZEOF_ZEND_LONG == 4 + int digits = YYCURSOR - start - 3; + + if (start[2] == '-' || start[2] == '+') { + digits--; + } + + /* Use double for large zend_long values that were serialized on a 64-bit system */ + if (digits >= MAX_LENGTH_OF_LONG - 1) { + if (digits == MAX_LENGTH_OF_LONG - 1) { + int cmp = strncmp((char*)YYCURSOR - MAX_LENGTH_OF_LONG, long_min_digits, MAX_LENGTH_OF_LONG - 1); + + if (!(cmp < 0 || (cmp == 0 && start[2] == '-'))) { + goto use_double; + } + } else { + goto use_double; + } + } +#endif + *p = YYCURSOR; + ZVAL_LONG(rval, parse_iv(start + 2)); + return 1; +} +#line 1094 "ext/standard/var_unserializer.c" +yy78: + yych = *++YYCURSOR; + if (yych == '"') goto yy92; + goto yy18; +yy79: + ++YYCURSOR; +#line 623 "ext/standard/var_unserializer.re" + { + zend_long id; + + *p = YYCURSOR; + if (!var_hash) return 0; + + id = parse_iv(start + 2) - 1; + if (id == -1 || (rval_ref = var_access(var_hash, id)) == NULL) { + return 0; + } + + if (rval_ref == rval) { + return 0; + } + + if (Z_ISUNDEF_P(rval_ref) || (Z_ISREF_P(rval_ref) && Z_ISUNDEF_P(Z_REFVAL_P(rval_ref)))) { + ZVAL_UNDEF(rval); + return 1; + } + + ZVAL_COPY(rval, rval_ref); + + return 1; +} +#line 1126 "ext/standard/var_unserializer.c" +yy81: + yych = *++YYCURSOR; + if (yych == '"') goto yy94; + goto yy18; +yy82: + ++YYCURSOR; +#line 808 "ext/standard/var_unserializer.re" { size_t len, len2, len3, maxlen; zend_long elements; @@ -873,105 +1274,10 @@ yy20: return object_common2(UNSERIALIZE_PASSTHRU, elements); } -#line 877 "ext/standard/var_unserializer.c" -yy25: - yych = *++YYCURSOR; - if (yych <= ',') { - if (yych != '+') goto yy18; - } else { - if (yych <= '-') goto yy26; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy27; - goto yy18; - } -yy26: - yych = *++YYCURSOR; - if (yych <= '/') goto yy18; - if (yych >= ':') goto yy18; -yy27: +#line 1278 "ext/standard/var_unserializer.c" +yy84: ++YYCURSOR; - if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); - yych = *YYCURSOR; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy27; - if (yych >= ';') goto yy18; - yych = *++YYCURSOR; - if (yych != '"') goto yy18; - ++YYCURSOR; -#line 798 "ext/standard/var_unserializer.re" - { - if (!var_hash) return 0; - - return object_common2(UNSERIALIZE_PASSTHRU, - object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR)); -} -#line 909 "ext/standard/var_unserializer.c" -yy32: - yych = *++YYCURSOR; - if (yych == '+') goto yy33; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy34; - goto yy18; -yy33: - yych = *++YYCURSOR; - if (yych <= '/') goto yy18; - if (yych >= ':') goto yy18; -yy34: - ++YYCURSOR; - if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); - yych = *YYCURSOR; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy34; - if (yych >= ';') goto yy18; - yych = *++YYCURSOR; - if (yych != '{') goto yy18; - ++YYCURSOR; -#line 774 "ext/standard/var_unserializer.re" - { - zend_long elements = parse_iv(start + 2); - /* use iv() not uiv() in order to check data range */ - *p = YYCURSOR; - if (!var_hash) return 0; - - if (elements < 0) { - return 0; - } - - array_init_size(rval, elements); - if (elements) { - /* we can't convert from packed to hash during unserialization, because - reference to some zvals might be keept in var_hash (to support references) */ - zend_hash_real_init(Z_ARRVAL_P(rval), 0); - } - - if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_ARRVAL_P(rval), elements, 0)) { - return 0; - } - - return finish_nested_data(UNSERIALIZE_PASSTHRU); -} -#line 954 "ext/standard/var_unserializer.c" -yy39: - yych = *++YYCURSOR; - if (yych == '+') goto yy40; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy41; - goto yy18; -yy40: - yych = *++YYCURSOR; - if (yych <= '/') goto yy18; - if (yych >= ':') goto yy18; -yy41: - ++YYCURSOR; - if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); - yych = *YYCURSOR; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy41; - if (yych >= ';') goto yy18; - yych = *++YYCURSOR; - if (yych != '"') goto yy18; - ++YYCURSOR; -#line 740 "ext/standard/var_unserializer.re" +#line 743 "ext/standard/var_unserializer.re" { size_t len, maxlen; zend_string *str; @@ -1005,407 +1311,127 @@ yy41: ZVAL_STR(rval, str); return 1; } -#line 1009 "ext/standard/var_unserializer.c" -yy46: - yych = *++YYCURSOR; - if (yych == '+') goto yy47; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy48; - goto yy18; -yy47: - yych = *++YYCURSOR; - if (yych <= '/') goto yy18; - if (yych >= ':') goto yy18; -yy48: - ++YYCURSOR; - if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); - yych = *YYCURSOR; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy48; - if (yych >= ';') goto yy18; - yych = *++YYCURSOR; - if (yych != '"') goto yy18; +#line 1315 "ext/standard/var_unserializer.c" +yy86: ++YYCURSOR; -#line 708 "ext/standard/var_unserializer.re" +#line 777 "ext/standard/var_unserializer.re" { - size_t len, maxlen; - char *str; + zend_long elements = parse_iv(start + 2); + /* use iv() not uiv() in order to check data range */ + *p = YYCURSOR; + if (!var_hash) return 0; - len = parse_uiv(start + 2); - maxlen = max - YYCURSOR; - if (maxlen < len) { - *p = start + 2; + if (elements < 0) { return 0; } - str = (char*)YYCURSOR; - - YYCURSOR += len; - - if (*(YYCURSOR) != '"') { - *p = YYCURSOR; - return 0; + array_init_size(rval, elements); + if (elements) { + /* we can't convert from packed to hash during unserialization, because + reference to some zvals might be keept in var_hash (to support references) */ + zend_hash_real_init(Z_ARRVAL_P(rval), 0); } - if (*(YYCURSOR + 1) != ';') { - *p = YYCURSOR + 1; + if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_ARRVAL_P(rval), elements, 0)) { return 0; } - YYCURSOR += 2; - *p = YYCURSOR; - - ZVAL_STRINGL(rval, str, len); - return 1; -} -#line 1062 "ext/standard/var_unserializer.c" -yy53: - yych = *++YYCURSOR; - if (yych <= '/') { - if (yych <= ',') { - if (yych == '+') goto yy57; - goto yy18; - } else { - if (yych <= '-') goto yy55; - if (yych <= '.') goto yy60; - goto yy18; - } - } else { - if (yych <= 'I') { - if (yych <= '9') goto yy58; - if (yych <= 'H') goto yy18; - goto yy56; - } else { - if (yych != 'N') goto yy18; - } - } - yych = *++YYCURSOR; - if (yych == 'A') goto yy76; - goto yy18; -yy55: - yych = *++YYCURSOR; - if (yych <= '/') { - if (yych == '.') goto yy60; - goto yy18; - } else { - if (yych <= '9') goto yy58; - if (yych != 'I') goto yy18; - } -yy56: - yych = *++YYCURSOR; - if (yych == 'N') goto yy72; - goto yy18; -yy57: - yych = *++YYCURSOR; - if (yych == '.') goto yy60; - if (yych <= '/') goto yy18; - if (yych >= ':') goto yy18; -yy58: - ++YYCURSOR; - if ((YYLIMIT - YYCURSOR) < 4) YYFILL(4); - yych = *YYCURSOR; - if (yych <= ':') { - if (yych <= '.') { - if (yych <= '-') goto yy18; - goto yy70; - } else { - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy58; - goto yy18; - } - } else { - if (yych <= 'E') { - if (yych <= ';') goto yy63; - if (yych <= 'D') goto yy18; - goto yy65; - } else { - if (yych == 'e') goto yy65; - goto yy18; - } - } -yy60: - yych = *++YYCURSOR; - if (yych <= '/') goto yy18; - if (yych >= ':') goto yy18; -yy61: - ++YYCURSOR; - if ((YYLIMIT - YYCURSOR) < 4) YYFILL(4); - yych = *YYCURSOR; - if (yych <= ';') { - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy61; - if (yych <= ':') goto yy18; - } else { - if (yych <= 'E') { - if (yych <= 'D') goto yy18; - goto yy65; - } else { - if (yych == 'e') goto yy65; - goto yy18; - } - } -yy63: - ++YYCURSOR; -#line 699 "ext/standard/var_unserializer.re" - { -#if SIZEOF_ZEND_LONG == 4 -use_double: -#endif - *p = YYCURSOR; - ZVAL_DOUBLE(rval, zend_strtod((const char *)start + 2, NULL)); - return 1; + return finish_nested_data(UNSERIALIZE_PASSTHRU); } -#line 1159 "ext/standard/var_unserializer.c" -yy65: +#line 1342 "ext/standard/var_unserializer.c" +yy88: yych = *++YYCURSOR; if (yych <= ',') { - if (yych != '+') goto yy18; - } else { - if (yych <= '-') goto yy66; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy67; - goto yy18; - } -yy66: - yych = *++YYCURSOR; - if (yych <= ',') { - if (yych == '+') goto yy69; + if (yych == '+') goto yy96; goto yy18; } else { - if (yych <= '-') goto yy69; + if (yych <= '-') goto yy96; if (yych <= '/') goto yy18; if (yych >= ':') goto yy18; } -yy67: +yy89: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); yych = *YYCURSOR; if (yych <= '/') goto yy18; - if (yych <= '9') goto yy67; - if (yych == ';') goto yy63; + if (yych <= '9') goto yy89; + if (yych == ';') goto yy71; goto yy18; -yy69: +yy91: yych = *++YYCURSOR; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy67; + if (yych == ';') goto yy97; goto yy18; -yy70: - ++YYCURSOR; - if ((YYLIMIT - YYCURSOR) < 4) YYFILL(4); - yych = *YYCURSOR; - if (yych <= ';') { - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy70; - if (yych <= ':') goto yy18; - goto yy63; - } else { - if (yych <= 'E') { - if (yych <= 'D') goto yy18; - goto yy65; - } else { - if (yych == 'e') goto yy65; - goto yy18; - } - } -yy72: - yych = *++YYCURSOR; - if (yych != 'F') goto yy18; -yy73: - yych = *++YYCURSOR; - if (yych != ';') goto yy18; +yy92: ++YYCURSOR; -#line 683 "ext/standard/var_unserializer.re" +#line 801 "ext/standard/var_unserializer.re" { - *p = YYCURSOR; - - if (!strncmp((char*)start + 2, "NAN", 3)) { - ZVAL_DOUBLE(rval, php_get_nan()); - } else if (!strncmp((char*)start + 2, "INF", 3)) { - ZVAL_DOUBLE(rval, php_get_inf()); - } else if (!strncmp((char*)start + 2, "-INF", 4)) { - ZVAL_DOUBLE(rval, -php_get_inf()); - } else { - ZVAL_NULL(rval); - } + if (!var_hash) return 0; - return 1; + return object_common2(UNSERIALIZE_PASSTHRU, + object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR)); } -#line 1234 "ext/standard/var_unserializer.c" -yy76: - yych = *++YYCURSOR; - if (yych == 'N') goto yy73; - goto yy18; -yy77: - yych = *++YYCURSOR; - if (yych <= ',') { - if (yych != '+') goto yy18; - } else { - if (yych <= '-') goto yy78; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy79; - goto yy18; - } -yy78: - yych = *++YYCURSOR; - if (yych <= '/') goto yy18; - if (yych >= ':') goto yy18; -yy79: +#line 1374 "ext/standard/var_unserializer.c" +yy94: ++YYCURSOR; - if (YYLIMIT <= YYCURSOR) YYFILL(1); - yych = *YYCURSOR; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy79; - if (yych != ';') goto yy18; - ++YYCURSOR; -#line 657 "ext/standard/var_unserializer.re" +#line 711 "ext/standard/var_unserializer.re" { -#if SIZEOF_ZEND_LONG == 4 - int digits = YYCURSOR - start - 3; + size_t len, maxlen; + char *str; - if (start[2] == '-' || start[2] == '+') { - digits--; + len = parse_uiv(start + 2); + maxlen = max - YYCURSOR; + if (maxlen < len) { + *p = start + 2; + return 0; } - /* Use double for large zend_long values that were serialized on a 64-bit system */ - if (digits >= MAX_LENGTH_OF_LONG - 1) { - if (digits == MAX_LENGTH_OF_LONG - 1) { - int cmp = strncmp((char*)YYCURSOR - MAX_LENGTH_OF_LONG, long_min_digits, MAX_LENGTH_OF_LONG - 1); - - if (!(cmp < 0 || (cmp == 0 && start[2] == '-'))) { - goto use_double; - } - } else { - goto use_double; - } - } -#endif - *p = YYCURSOR; - ZVAL_LONG(rval, parse_iv(start + 2)); - return 1; -} -#line 1287 "ext/standard/var_unserializer.c" -yy83: - yych = *++YYCURSOR; - if (yych <= '/') goto yy18; - if (yych >= '2') goto yy18; - yych = *++YYCURSOR; - if (yych != ';') goto yy18; - ++YYCURSOR; -#line 651 "ext/standard/var_unserializer.re" - { - *p = YYCURSOR; - ZVAL_BOOL(rval, parse_iv(start + 2)); - return 1; -} -#line 1301 "ext/standard/var_unserializer.c" -yy87: - ++YYCURSOR; -#line 645 "ext/standard/var_unserializer.re" - { - *p = YYCURSOR; - ZVAL_NULL(rval); - return 1; -} -#line 1310 "ext/standard/var_unserializer.c" -yy89: - yych = *++YYCURSOR; - if (yych <= ',') { - if (yych != '+') goto yy18; - } else { - if (yych <= '-') goto yy90; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy91; - goto yy18; - } -yy90: - yych = *++YYCURSOR; - if (yych <= '/') goto yy18; - if (yych >= ':') goto yy18; -yy91: - ++YYCURSOR; - if (YYLIMIT <= YYCURSOR) YYFILL(1); - yych = *YYCURSOR; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy91; - if (yych != ';') goto yy18; - ++YYCURSOR; -#line 620 "ext/standard/var_unserializer.re" - { - zend_long id; + str = (char*)YYCURSOR; - *p = YYCURSOR; - if (!var_hash) return 0; + YYCURSOR += len; - id = parse_iv(start + 2) - 1; - if (id == -1 || (rval_ref = var_access(var_hash, id)) == NULL) { + if (*(YYCURSOR) != '"') { + *p = YYCURSOR; return 0; } - if (rval_ref == rval) { + if (*(YYCURSOR + 1) != ';') { + *p = YYCURSOR + 1; return 0; } - if (Z_ISUNDEF_P(rval_ref) || (Z_ISREF_P(rval_ref) && Z_ISUNDEF_P(Z_REFVAL_P(rval_ref)))) { - ZVAL_UNDEF(rval); - return 1; - } - - ZVAL_COPY(rval, rval_ref); + YYCURSOR += 2; + *p = YYCURSOR; + ZVAL_STRINGL(rval, str, len); return 1; } -#line 1358 "ext/standard/var_unserializer.c" -yy95: - yych = *++YYCURSOR; - if (yych <= ',') { - if (yych != '+') goto yy18; - } else { - if (yych <= '-') goto yy96; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy97; - goto yy18; - } +#line 1409 "ext/standard/var_unserializer.c" yy96: yych = *++YYCURSOR; if (yych <= '/') goto yy18; - if (yych >= ':') goto yy18; + if (yych <= '9') goto yy89; + goto yy18; yy97: ++YYCURSOR; - if (YYLIMIT <= YYCURSOR) YYFILL(1); - yych = *YYCURSOR; - if (yych <= '/') goto yy18; - if (yych <= '9') goto yy97; - if (yych != ';') goto yy18; - ++YYCURSOR; -#line 594 "ext/standard/var_unserializer.re" +#line 686 "ext/standard/var_unserializer.re" { - zend_long id; - - *p = YYCURSOR; - if (!var_hash) return 0; - - id = parse_iv(start + 2) - 1; - if (id == -1 || (rval_ref = var_access(var_hash, id)) == NULL) { - return 0; - } + *p = YYCURSOR; - zval_ptr_dtor(rval); - if (Z_ISUNDEF_P(rval_ref) || (Z_ISREF_P(rval_ref) && Z_ISUNDEF_P(Z_REFVAL_P(rval_ref)))) { - ZVAL_UNDEF(rval); - return 1; - } - if (Z_ISREF_P(rval_ref)) { - ZVAL_COPY(rval, rval_ref); + if (!strncmp((char*)start + 2, "NAN", 3)) { + ZVAL_DOUBLE(rval, php_get_nan()); + } else if (!strncmp((char*)start + 2, "INF", 3)) { + ZVAL_DOUBLE(rval, php_get_inf()); + } else if (!strncmp((char*)start + 2, "-INF", 4)) { + ZVAL_DOUBLE(rval, -php_get_inf()); } else { - ZVAL_NEW_REF(rval_ref, rval_ref); - ZVAL_COPY(rval, rval_ref); + ZVAL_NULL(rval); } return 1; } -#line 1407 "ext/standard/var_unserializer.c" +#line 1433 "ext/standard/var_unserializer.c" } -#line 958 "ext/standard/var_unserializer.re" +#line 961 "ext/standard/var_unserializer.re" return 0; diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index bbf4009f71..6d53cb6249 100644 --- a/ext/standard/var_unserializer.re +++ b/ext/standard/var_unserializer.re @@ -57,6 +57,9 @@ PHPAPI void php_var_unserialize_destroy(php_unserialize_data_t d) { } } +PHPAPI HashTable *php_var_unserialize_get_allowed_classes(php_unserialize_data_t d) { + return d->allowed_classes; +} PHPAPI void php_var_unserialize_set_allowed_classes(php_unserialize_data_t d, HashTable *classes) { d->allowed_classes = classes; } |