Permalink
Browse files

Fixed bug #62852 Unserialize Invalid Date crash

Error handling is the same as in bug #53437, E_ERROR if we
expect an invalid object.
  • Loading branch information...
1 parent b1dbfb7 commit f8b91d9acff10ede7bd3f2bc631794a3abef8ff7 @weltling weltling committed Mar 15, 2013
Showing with 70 additions and 32 deletions.
  1. +1 −0 NEWS
  2. +17 −8 ext/date/php_date.c
  3. +2 −24 ext/date/tests/bug62852.phpt
  4. +25 −0 ext/date/tests/bug62852_var2.phpt
  5. +25 −0 ext/date/tests/bug62852_var3.phpt
View
@@ -20,6 +20,7 @@ PHP NEWS
- DateTime
. Fixed bug #53437 (Crash when using unserialized DatePeriod instance).
(Gustavo, Derick, Anatol)
+ . Fixed bug #62852 (Unserialize Invalid Date causes crash). (Anatol)
07 Mar 2013, PHP 5.5.0 Alpha 6
View
@@ -2674,13 +2674,15 @@ static int php_date_initialize_from_hash(zval **return_value, php_date_obj **dat
case TIMELIB_ZONETYPE_OFFSET:
case TIMELIB_ZONETYPE_ABBR: {
char *tmp = emalloc(Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 2);
+ int ret;
snprintf(tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 2, "%s %s", Z_STRVAL_PP(z_date), Z_STRVAL_PP(z_timezone));
- php_date_initialize(*dateobj, tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 1, NULL, NULL, 0 TSRMLS_CC);
+ ret = php_date_initialize(*dateobj, tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 1, NULL, NULL, 0 TSRMLS_CC);
efree(tmp);
- return 1;
+ return 1 == ret;
}
- case TIMELIB_ZONETYPE_ID:
+ case TIMELIB_ZONETYPE_ID: {
+ int ret;
convert_to_string(*z_timezone);
tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC);
@@ -2691,9 +2693,10 @@ static int php_date_initialize_from_hash(zval **return_value, php_date_obj **dat
tzobj->tzi.tz = tzi;
tzobj->initialized = 1;
- php_date_initialize(*dateobj, Z_STRVAL_PP(z_date), Z_STRLEN_PP(z_date), NULL, tmp_obj, 0 TSRMLS_CC);
+ ret = php_date_initialize(*dateobj, Z_STRVAL_PP(z_date), Z_STRLEN_PP(z_date), NULL, tmp_obj, 0 TSRMLS_CC);
zval_ptr_dtor(&tmp_obj);
- return 1;
+ return 1 == ret;
+ }
}
}
}
@@ -2717,7 +2720,9 @@ PHP_METHOD(DateTime, __set_state)
php_date_instantiate(date_ce_date, return_value TSRMLS_CC);
dateobj = (php_date_obj *) zend_object_store_get_object(return_value TSRMLS_CC);
- php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC);
+ if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) {
+ php_error(E_ERROR, "Invalid serialization data for DateTime object");
+ }
}
/* }}} */
@@ -2737,7 +2742,9 @@ PHP_METHOD(DateTimeImmutable, __set_state)
php_date_instantiate(date_ce_immutable, return_value TSRMLS_CC);
dateobj = (php_date_obj *) zend_object_store_get_object(return_value TSRMLS_CC);
- php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC);
+ if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) {
+ php_error(E_ERROR, "Invalid serialization data for DateTimeImmutable object");
+ }
}
/* }}} */
@@ -2753,7 +2760,9 @@ PHP_METHOD(DateTime, __wakeup)
myht = Z_OBJPROP_P(object);
- php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC);
+ if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) {
+ php_error(E_ERROR, "Invalid serialization data for DateTime object");
+ }
}
/* }}} */
@@ -1,36 +1,14 @@
--TEST--
-Bug #62852 (Unserialize invalid DateTime causes crash)
+Bug #62852 (Unserialize invalid DateTime causes crash), variation 1
--INI--
date.timezone=GMT
---XFAIL--
-bug is not fixed yet
--FILE--
<?php
$s1 = 'O:8:"DateTime":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
-$s2 = 'O:3:"Foo":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
-global $foo;
-
-class Foo extends DateTime {
- function __wakeup() {
- global $foo;
- $foo = $this;
- parent::__wakeup();
- }
-}
-
-// Old test case
try {
unserialize( $s1 );
} catch ( Exception $e ) {}
-// My test case
-try {
- unserialize( $s2 );
-} catch ( Exception $e ) {}
-var_dump( $foo );
-
-echo "okey";
-?>
--EXPECTF--
-okey
+Fatal error: Invalid serialization data for DateTime object in %sbug62852.php on line %d
@@ -0,0 +1,25 @@
+--TEST--
+Bug #62852 (Unserialize invalid DateTime causes crash), variation 2
+--INI--
+date.timezone=GMT
+--FILE--
+<?php
+$s2 = 'O:3:"Foo":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
+
+global $foo;
+
+class Foo extends DateTime {
+ function __wakeup() {
+ global $foo;
+ $foo = $this;
+ parent::__wakeup();
+ }
+}
+
+try {
+ unserialize( $s2 );
+} catch ( Exception $e ) {}
+var_dump( $foo );
+
+--EXPECTF--
+Fatal error: Invalid serialization data for DateTime object in %sbug62852_var2.php on line %d
@@ -0,0 +1,25 @@
+--TEST--
+Bug #62852 (Unserialize invalid DateTime causes crash), variation 3
+--INI--
+date.timezone=GMT
+--FILE--
+<?php
+$s2 = 'O:3:"Foo":3:{s:4:"date";s:19:"0000-00-00 00:00:00";s:13:"timezone_type";i:0;s:8:"timezone";s:3:"UTC";}';
+
+global $foo;
+
+class Foo extends DateTime {
+ function __wakeup() {
+ global $foo;
+ $foo = $this;
+ parent::__wakeup();
+ }
+}
+
+try {
+ unserialize( $s2 );
+} catch ( Exception $e ) {}
+var_dump( $foo );
+
+--EXPECTF--
+Fatal error: Invalid serialization data for DateTime object in %sbug62852_var3.php on line %d

0 comments on commit f8b91d9

Please sign in to comment.