Skip to content

Commit 8d199c7

Browse files
weltlingweltling
committed
Backported fix for bug #62852
1 parent 4a62915 commit 8d199c7

5 files changed

Lines changed: 69 additions & 31 deletions

File tree

NEWS

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,9 @@ PHP NEWS
1414
. Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc
1515
for stmt->param_bind). (Andrey)
1616

17+
- DateTime
18+
. Fixed bug #62852 (Unserialize Invalid Date causes crash). (Anatol)
19+
1720

1821
14 Mar 2013, PHP 5.3.23
1922

ext/date/php_date.c

Lines changed: 14 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -2554,13 +2554,15 @@ static int php_date_initialize_from_hash(zval **return_value, php_date_obj **dat
25542554
case TIMELIB_ZONETYPE_OFFSET:
25552555
case TIMELIB_ZONETYPE_ABBR: {
25562556
char *tmp = emalloc(Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 2);
2557+
int ret;
25572558
snprintf(tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 2, "%s %s", Z_STRVAL_PP(z_date), Z_STRVAL_PP(z_timezone));
2558-
php_date_initialize(*dateobj, tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 1, NULL, NULL, 0 TSRMLS_CC);
2559+
ret = php_date_initialize(*dateobj, tmp, Z_STRLEN_PP(z_date) + Z_STRLEN_PP(z_timezone) + 1, NULL, NULL, 0 TSRMLS_CC);
25592560
efree(tmp);
2560-
return 1;
2561+
return 1 == ret;
25612562
}
25622563

2563-
case TIMELIB_ZONETYPE_ID:
2564+
case TIMELIB_ZONETYPE_ID: {
2565+
int ret;
25642566
convert_to_string(*z_timezone);
25652567

25662568
tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC);
@@ -2571,9 +2573,10 @@ static int php_date_initialize_from_hash(zval **return_value, php_date_obj **dat
25712573
tzobj->tzi.tz = tzi;
25722574
tzobj->initialized = 1;
25732575

2574-
php_date_initialize(*dateobj, Z_STRVAL_PP(z_date), Z_STRLEN_PP(z_date), NULL, tmp_obj, 0 TSRMLS_CC);
2576+
ret = php_date_initialize(*dateobj, Z_STRVAL_PP(z_date), Z_STRLEN_PP(z_date), NULL, tmp_obj, 0 TSRMLS_CC);
25752577
zval_ptr_dtor(&tmp_obj);
2576-
return 1;
2578+
return 1 == ret;
2579+
}
25772580
}
25782581
}
25792582
}
@@ -2597,7 +2600,9 @@ PHP_METHOD(DateTime, __set_state)
25972600

25982601
php_date_instantiate(date_ce_date, return_value TSRMLS_CC);
25992602
dateobj = (php_date_obj *) zend_object_store_get_object(return_value TSRMLS_CC);
2600-
php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC);
2603+
if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) {
2604+
php_error(E_ERROR, "Invalid serialization data for DateTime object");
2605+
}
26012606
}
26022607
/* }}} */
26032608

@@ -2613,7 +2618,9 @@ PHP_METHOD(DateTime, __wakeup)
26132618

26142619
myht = Z_OBJPROP_P(object);
26152620

2616-
php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC);
2621+
if (!php_date_initialize_from_hash(&return_value, &dateobj, myht TSRMLS_CC)) {
2622+
php_error(E_ERROR, "Invalid serialization data for DateTime object");
2623+
}
26172624
}
26182625
/* }}} */
26192626

ext/date/tests/bug62852.phpt

Lines changed: 2 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -1,36 +1,14 @@
11
--TEST--
2-
Bug #62852 (Unserialize invalid DateTime causes crash)
2+
Bug #62852 (Unserialize invalid DateTime causes crash), variation 1
33
--INI--
44
date.timezone=GMT
5-
--XFAIL--
6-
bug is not fixed yet
75
--FILE--
86
<?php
97
$s1 = 'O:8:"DateTime":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
10-
$s2 = 'O:3:"Foo":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
118

12-
global $foo;
13-
14-
class Foo extends DateTime {
15-
function __wakeup() {
16-
global $foo;
17-
$foo = $this;
18-
parent::__wakeup();
19-
}
20-
}
21-
22-
// Old test case
239
try {
2410
unserialize( $s1 );
2511
} catch ( Exception $e ) {}
2612

27-
// My test case
28-
try {
29-
unserialize( $s2 );
30-
} catch ( Exception $e ) {}
31-
var_dump( $foo );
32-
33-
echo "okey";
34-
?>
3513
--EXPECTF--
36-
okey
14+
Fatal error: Invalid serialization data for DateTime object in %sbug62852.php on line %d

ext/date/tests/bug62852_var2.phpt

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
--TEST--
2+
Bug #62852 (Unserialize invalid DateTime causes crash), variation 2
3+
--INI--
4+
date.timezone=GMT
5+
--FILE--
6+
<?php
7+
$s2 = 'O:3:"Foo":3:{s:4:"date";s:20:"10007-06-07 03:51:49";s:13:"timezone_type";i:3;s:8:"timezone";s:3:"UTC";}';
8+
9+
global $foo;
10+
11+
class Foo extends DateTime {
12+
function __wakeup() {
13+
global $foo;
14+
$foo = $this;
15+
parent::__wakeup();
16+
}
17+
}
18+
19+
try {
20+
unserialize( $s2 );
21+
} catch ( Exception $e ) {}
22+
var_dump( $foo );
23+
24+
--EXPECTF--
25+
Fatal error: Invalid serialization data for DateTime object in %sbug62852_var2.php on line %d

ext/date/tests/bug62852_var3.phpt

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
--TEST--
2+
Bug #62852 (Unserialize invalid DateTime causes crash), variation 3
3+
--INI--
4+
date.timezone=GMT
5+
--FILE--
6+
<?php
7+
$s2 = 'O:3:"Foo":3:{s:4:"date";s:19:"0000-00-00 00:00:00";s:13:"timezone_type";i:0;s:8:"timezone";s:3:"UTC";}';
8+
9+
global $foo;
10+
11+
class Foo extends DateTime {
12+
function __wakeup() {
13+
global $foo;
14+
$foo = $this;
15+
parent::__wakeup();
16+
}
17+
}
18+
19+
try {
20+
unserialize( $s2 );
21+
} catch ( Exception $e ) {}
22+
var_dump( $foo );
23+
24+
--EXPECTF--
25+
Fatal error: Invalid serialization data for DateTime object in %sbug62852_var3.php on line %d

0 commit comments

Comments
 (0)