mirror of
https://github.com/php/php-src.git
synced 2024-09-22 10:27:25 +00:00
MFH:- Fixed bug #34306 (wddx_serialize_value() crashes with long array keys)
This commit is contained in:
parent
9230473cd3
commit
307ec8ece4
1
NEWS
1
NEWS
@ -14,6 +14,7 @@ PHP NEWS
|
||||
- Fixed "make test" to work for phpized extensions. (Hartmut, Jani)
|
||||
- Fixed failing queries (FALSE returned) with mysqli_query() on 64 bit systems.
|
||||
(Andrey)
|
||||
- Fixed bug #34306 (wddx_serialize_value() crashes with long array keys). (Jani)
|
||||
- Fixed bug #34302 (date('W') do not return leading zeros for week 1 to 9).
|
||||
(Derick)
|
||||
- Fixed bug #34299 (ReflectionClass::isInstantiable() returns true for abstract
|
||||
|
12
ext/wddx/tests/bug34306.phpt
Executable file
12
ext/wddx/tests/bug34306.phpt
Executable file
@ -0,0 +1,12 @@
|
||||
--TEST--
|
||||
#34306 (wddx_serialize_value() crashes with long array keys)
|
||||
--FILE--
|
||||
<?php
|
||||
|
||||
$var = array('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa12345678901234567890123456789012345678901234567890ba12345678901234567890123456789012345678901234567890ba12345678901234567890123456789012345678901234567890ba12345678901234567890123456789012345678901234567890b12345678901234567891234567890123123121231211111' => 1);
|
||||
$buf = wddx_serialize_value($var, 'name');
|
||||
echo "OK\n";
|
||||
|
||||
?>
|
||||
--EXPECT--
|
||||
OK
|
@ -422,7 +422,7 @@ static void php_wddx_serialize_number(wddx_packet *packet, zval *var)
|
||||
tmp = *var;
|
||||
zval_copy_ctor(&tmp);
|
||||
convert_to_string(&tmp);
|
||||
sprintf(tmp_buf, WDDX_NUMBER, Z_STRVAL(tmp));
|
||||
snprintf(tmp_buf, Z_STRLEN(tmp), WDDX_NUMBER, Z_STRVAL(tmp));
|
||||
zval_dtor(&tmp);
|
||||
|
||||
php_wddx_add_chunk(packet, tmp_buf);
|
||||
@ -617,15 +617,17 @@ static void php_wddx_serialize_array(wddx_packet *packet, zval *arr)
|
||||
*/
|
||||
void php_wddx_serialize_var(wddx_packet *packet, zval *var, char *name, int name_len TSRMLS_DC)
|
||||
{
|
||||
char tmp_buf[WDDX_BUF_LEN];
|
||||
char *tmp_buf;
|
||||
char *name_esc;
|
||||
int name_esc_len;
|
||||
HashTable *ht;
|
||||
|
||||
if (name) {
|
||||
name_esc = php_escape_html_entities(name, name_len, &name_esc_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
|
||||
sprintf(tmp_buf, WDDX_VAR_S, name_esc);
|
||||
tmp_buf = emalloc(name_esc_len + 1);
|
||||
snprintf(tmp_buf, name_esc_len, WDDX_VAR_S, name_esc);
|
||||
php_wddx_add_chunk(packet, tmp_buf);
|
||||
efree(tmp_buf);
|
||||
efree(name_esc);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user