-
-
Save anonymous/8e3f974e5a8913a66ae1a6f966ba351f to your computer and use it in GitHub Desktop.
Patch for 74145
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
commit 36ac7722d93ee69d69e986b3102922fd529a3dfd | |
Author: Stanislav Malyshev <stas@php.net> | |
Date: Sun Jul 2 14:25:54 2017 -0700 | |
Fix bug #74145 - wddx parsing empty boolean tag leads to SIGSEGV | |
diff --git a/ext/wddx/tests/bug74145.phpt b/ext/wddx/tests/bug74145.phpt | |
new file mode 100644 | |
index 0000000..a99a117 | |
--- /dev/null | |
+++ b/ext/wddx/tests/bug74145.phpt | |
@@ -0,0 +1,16 @@ | |
+--TEST-- | |
+Bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV) | |
+--SKIPIF-- | |
+<?php | |
+if (!extension_loaded("wddx")) print "skip"; | |
+?> | |
+--FILE-- | |
+<?php | |
+$data = file_get_contents(__DIR__ . '/bug74145.xml'); | |
+$wddx = wddx_deserialize($data); | |
+var_dump($wddx); | |
+?> | |
+DONE | |
+--EXPECTF-- | |
+NULL | |
+DONE | |
\ No newline at end of file | |
diff --git a/ext/wddx/tests/bug74145.xml b/ext/wddx/tests/bug74145.xml | |
new file mode 100644 | |
index 0000000..e5d35fb | |
--- /dev/null | |
+++ b/ext/wddx/tests/bug74145.xml | |
@@ -0,0 +1,9 @@ | |
+<?xml version='1.0' ?> | |
+ <!DOCTYPE et SYSTEM 'w'> | |
+ <wddxPacket ven='1.0'> | |
+ <array> | |
+ <var Name="name"> | |
+ <boolean ></boolean> | |
+ </var> | |
+ </array> | |
+ </wddxPacket> | |
diff --git a/ext/wddx/wddx.c b/ext/wddx/wddx.c | |
index 72d2408..41fdd3d 100644 | |
--- a/ext/wddx/wddx.c | |
+++ b/ext/wddx/wddx.c | |
@@ -799,22 +799,19 @@ static void php_wddx_push_element(void *user_data, const XML_Char *name, const X | |
} else if (!strcmp(name, EL_BOOLEAN)) { | |
int i; | |
- if (atts) for (i = 0; atts[i]; i++) { | |
- if (!strcmp(atts[i], EL_VALUE) && atts[i+1] && atts[i+1][0]) { | |
- ent.type = ST_BOOLEAN; | |
- SET_STACK_VARNAME; | |
- | |
ALLOC_ZVAL(ent.data); | |
INIT_PZVAL(ent.data); | |
Z_TYPE_P(ent.data) = IS_BOOL; | |
+ ent.type = ST_BOOLEAN; | |
+ SET_STACK_VARNAME; | |
+ if (atts) for (i = 0; atts[i]; i++) { | |
+ if (!strcmp(atts[i], EL_VALUE) && atts[i+1] && atts[i+1][0]) { | |
wddx_stack_push((wddx_stack *)stack, &ent, sizeof(st_entry)); | |
php_wddx_process_data(user_data, atts[i+1], strlen(atts[i+1])); | |
break; | |
} | |
} else { | |
- ent.type = ST_BOOLEAN; | |
- SET_STACK_VARNAME; | |
- ZVAL_FALSE(&ent.data); | |
+ ZVAL_FALSE(ent.data); | |
wddx_stack_push((wddx_stack *)stack, &ent, sizeof(st_entry)); | |
} | |
} else if (!strcmp(name, EL_NULL)) { |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment