From 580484b262ca92e64966f6a79ea58e4e541d9d88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?=
Date: Tue, 16 Sep 2025 00:15:32 +0200
Subject: [PATCH 1/2] uri: Check early whether we would be overwriting an existing URI in `uri_unserialize()`
---
 ext/uri/php_uri.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/ext/uri/php_uri.c b/ext/uri/php_uri.c
index bfe14e117477f..7b1cea1304eae 100644
--- a/ext/uri/php_uri.c
+++ b/ext/uri/php_uri.c
@@ -823,6 +823,13 @@ static void uri_unserialize(INTERNAL_FUNCTION_PARAMETERS)
 ZEND_PARSE_PARAMETERS_END();
 zend_object *object = Z_OBJ_P(ZEND_THIS);
+ uri_internal_t *internal_uri = uri_internal_from_obj(object);
+ if (internal_uri->uri != NULL) {
+ /* Intentionally throw two exceptions for proper chaining. */
+ zend_throw_error(NULL, "Cannot modify readonly object of class %s", ZSTR_VAL(Z_OBJCE_P(ZEND_THIS)->name));
+ zend_throw_exception_ex(NULL, 0, "Invalid serialization data for %s object", ZSTR_VAL(object->ce->name));
+ RETURN_THROWS();
+ }
 /* Verify the expected number of elements, this implicitly ensures that no additional elements are present. */
 if (zend_hash_num_elements(data) != 2) {
@@ -849,13 +856,6 @@ static void uri_unserialize(INTERNAL_FUNCTION_PARAMETERS)
 RETURN_THROWS();
 }
- uri_internal_t *internal_uri = uri_internal_from_obj(object);
- if (internal_uri->uri != NULL) {
- /* Intentionally throw two exceptions for proper chaining. */
- zend_throw_error(NULL, "Cannot modify readonly object of class %s", ZSTR_VAL(Z_OBJCE_P(ZEND_THIS)->name));
- zend_throw_exception_ex(NULL, 0, "Invalid serialization data for %s object", ZSTR_VAL(object->ce->name));
- RETURN_THROWS();
- }
 internal_uri->uri = internal_uri->parser->parse(Z_STRVAL_P(uri_zv), Z_STRLEN_P(uri_zv), NULL, NULL, true);
 if (internal_uri->uri == NULL) {
 zend_throw_exception_ex(NULL, 0, "Invalid serialization data for %s object", ZSTR_VAL(object->ce->name));
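Review bot: The guard moved to the top of `uri_unserialize()` in the first hunk (`@@ -823,6 +823,13 @@`) keeps only the comment about the double throw, so nothing in the code records why it must run before the payload checks. With the new order an already initialized object is rejected before `data` is inspected at all, which is the invariant that keeps `internal_uri->uri` from being replaced on a readonly object; I would add a line such as `/* Must stay first: an initialized URI is readonly, so reject before looking at the payload. */` above the `if`. The reorder is also observable, since an initialized object combined with malformed data now raises the readonly error chained into the serialization exception instead of the serialization exception alone. The patch touches only `ext/uri/php_uri.c`, so if no existing test covers that combination, one pinning it would keep the order from regressing. The function body starts before and continues past this hunk.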
From a9db5499867a7abbc0d0971dbcaf96f65c97287b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?=
Date: Tue, 16 Sep 2025 00:16:10 +0200
Subject: [PATCH 2/2] uri: Access the CE consistently in `uri_unserialize()`
---
 ext/uri/php_uri.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/uri/php_uri.c b/ext/uri/php_uri.c
index 7b1cea1304eae..b7e9b94da1636 100644
--- a/ext/uri/php_uri.c
+++ b/ext/uri/php_uri.c
@@ -826,7 +826,7 @@ static void uri_unserialize(INTERNAL_FUNCTION_PARAMETERS)
 uri_internal_t *internal_uri = uri_internal_from_obj(object);
 if (internal_uri->uri != NULL) {
 /* Intentionally throw two exceptions for proper chaining. */
- zend_throw_error(NULL, "Cannot modify readonly object of class %s", ZSTR_VAL(Z_OBJCE_P(ZEND_THIS)->name));
+ zend_throw_error(NULL, "Cannot modify readonly object of class %s", ZSTR_VAL(object->ce->name));
 zend_throw_exception_ex(NULL, 0, "Invalid serialization data for %s object", ZSTR_VAL(object->ce->name));
 RETURN_THROWS();
 }