@joemiller
Last active January 23, 2016 12:25
CVE-2014-8142 backport applied to php-5.3.29.tar.bz2 tarball from php.net (from @fujin)
diff -urN php-5.3.29.orig/NEWS php-5.3.29/NEWS
--- php-5.3.29.orig/NEWS 2014-08-13 19:22:50.000000000 +0000
+++ php-5.3.29/NEWS 2015-01-07 22:50:19.354722472 +0000
@@ -1,7 +1,10 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-14 Aug 2014, PHP 5.3.29
+7 Jan 2015, PHP 5.3.29 (Security Release)
+- Core:
+ . Fixed bug #68594 (Use after free vulnerability in unserialize()). (fujin)
+14 Aug 2014, PHP 5.3.29
- Core:
. Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
. Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
diff -urN php-5.3.29.orig/ext/standard/tests/serialize/bug68594.phpt php-5.3.29/ext/standard/tests/serialize/bug68594.phpt
--- php-5.3.29.orig/ext/standard/tests/serialize/bug68594.phpt 1970-01-01 00:00:00.000000000 +0000
+++ php-5.3.29/ext/standard/tests/serialize/bug68594.phpt 2015-01-07 23:14:18.369270909 +0000
@@ -0,0 +1,23 @@
+--TEST--
+Bug #68545 Use after free vulnerability in unserialize()
+--FILE--
+<?php
+for ($i=4; $i<100; $i++) {
+ $m = new StdClass();
+
+ $u = array(1);
+
+ $m->aaa = array(1,2,&$u,4,5);
+ $m->bbb = 1;
+ $m->ccc = &$u;
+ $m->ddd = str_repeat("A", $i);
+
+ $z = serialize($m);
+ $z = str_replace("bbb", "aaa", $z);
+ $y = unserialize($z);
+ $z = serialize($y);
+}
+?>
+===DONE===
+--EXPECTF--
+===DONE===
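Review bot: The `--TEST--` title cites bug #68545, but the file is named bug68594.phpt and the NEWS entry in this same patch records the fix as #68594; the title should read `Bug #68594 Use after free vulnerability in unserialize()` so the test can be found from the bug number. The test also only shows that the loop runs to `===DONE===` without crashing, so a use-after-free that happens not to fault would pass unnoticed unless the suite is run under a memory checker or an assertion on `$y` is added. Since the expected output has no format placeholders, `--EXPECT--` would do in place of `--EXPECTF--`.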
diff -urN php-5.3.29.orig/ext/standard/var_unserializer.c php-5.3.29/ext/standard/var_unserializer.c
--- php-5.3.29.orig/ext/standard/var_unserializer.c 2014-08-13 19:27:30.000000000 +0000
+++ php-5.3.29/ext/standard/var_unserializer.c 2015-01-07 22:51:14.420470381 +0000
@@ -1,4 +1,5 @@
-/* Generated by re2c 0.13.5 on Wed Sep 28 15:40:15 2011 */
+/* Generated by re2c 0.13.5 on Wed Jan 7 22:51:14 2015 */
+#line 1 "ext/standard/var_unserializer.re"
/*
+----------------------------------------------------------------------+
| PHP Version 5 |
@@ -189,6 +190,7 @@
#define YYMARKER marker
+#line 198 "ext/standard/var_unserializer.re"
@@ -298,6 +300,9 @@
} else {
/* object properties should include no integers */
convert_to_string(key);
+ if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) {
+ var_push_dtor(var_hash, old_data);
+ }
zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
sizeof data, NULL);
}
@@ -401,42 +406,9 @@
+#line 410 "ext/standard/var_unserializer.c"
{
YYCTYPE yych;
- static const unsigned char yybm[] = {
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 128, 128, 128, 128, 128, 128, 128, 128,
- 128, 128, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0,
- };
if ((YYLIMIT - YYCURSOR) < 7) YYFILL(7);
yych = *YYCURSOR;
@@ -458,85 +430,147 @@
}
yy2:
yych = *(YYMARKER = ++YYCURSOR);
- if (yych == ':') goto yy95;
+ switch (yych) {
+ case ':': goto yy95;
+ default: goto yy3;
+ }
yy3:
+#line 732 "ext/standard/var_unserializer.re"
{ return 0; }
+#line 441 "ext/standard/var_unserializer.c"
yy4:
yych = *(YYMARKER = ++YYCURSOR);
- if (yych == ':') goto yy89;
- goto yy3;
+ switch (yych) {
+ case ':': goto yy89;
+ default: goto yy3;
+ }
yy5:
yych = *++YYCURSOR;
- if (yych == ';') goto yy87;
- goto yy3;
+ switch (yych) {
+ case ';': goto yy87;
+ default: goto yy3;
+ }
yy6:
yych = *(YYMARKER = ++YYCURSOR);
- if (yych == ':') goto yy83;
- goto yy3;
+ switch (yych) {
+ case ':': goto yy83;
+ default: goto yy3;
+ }
yy7:
yych = *(YYMARKER = ++YYCURSOR);
- if (yych == ':') goto yy77;
- goto yy3;
+ switch (yych) {
+ case ':': goto yy77;
+ default: goto yy3;
+ }
yy8:
yych = *(YYMARKER = ++YYCURSOR);
- if (yych == ':') goto yy53;
- goto yy3;
+ switch (yych) {
+ case ':': goto yy53;
+ default: goto yy3;
+ }
yy9:
yych = *(YYMARKER = ++YYCURSOR);
- if (yych == ':') goto yy46;
- goto yy3;
+ switch (yych) {
+ case ':': goto yy46;
+ default: goto yy3;
+ }
yy10:
yych = *(YYMARKER = ++YYCURSOR);
- if (yych == ':') goto yy39;
- goto yy3;
+ switch (yych) {
+ case ':': goto yy39;
+ default: goto yy3;
+ }
yy11:
yych = *(YYMARKER = ++YYCURSOR);
- if (yych == ':') goto yy32;
- goto yy3;
+ switch (yych) {
+ case ':': goto yy32;
+ default: goto yy3;
+ }
yy12:
yych = *(YYMARKER = ++YYCURSOR);
- if (yych == ':') goto yy25;
- goto yy3;
+ switch (yych) {
+ case ':': goto yy25;
+ default: goto yy3;
+ }
yy13:
yych = *(YYMARKER = ++YYCURSOR);
- if (yych == ':') goto yy17;
- goto yy3;
+ switch (yych) {
+ case ':': goto yy17;
+ default: goto yy3;
+ }
yy14:
++YYCURSOR;
+#line 726 "ext/standard/var_unserializer.re"
{
/* this is the case where we have less data than planned */
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data");
return 0; /* not sure if it should be 0 or 1 here? */
}
+#line 510 "ext/standard/var_unserializer.c"
yy16:
yych = *++YYCURSOR;
goto yy3;
yy17:
yych = *++YYCURSOR;
- if (yybm[0+yych] & 128) {
- goto yy20;
+ switch (yych) {
+ case '+': goto yy19;
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy20;
+ default: goto yy18;
}
- if (yych == '+') goto yy19;
yy18:
YYCURSOR = YYMARKER;
goto yy3;
yy19:
yych = *++YYCURSOR;
- if (yybm[0+yych] & 128) {
- goto yy20;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy20;
+ default: goto yy18;
}
- goto yy18;
yy20:
++YYCURSOR;
if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2);
yych = *YYCURSOR;
- if (yybm[0+yych] & 128) {
- goto yy20;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy20;
+ case ':': goto yy22;
+ default: goto yy18;
}
- if (yych != ':') goto yy18;
+yy22:
yych = *++YYCURSOR;
- if (yych != '"') goto yy18;
+ switch (yych) {
+ case '"': goto yy23;
+ default: goto yy18;
+ }
+yy23:
++YYCURSOR;
+#line 609 "ext/standard/var_unserializer.re"
{
size_t len, len2, len3, maxlen;
long elements;
@@ -653,30 +687,66 @@
return object_common2(UNSERIALIZE_PASSTHRU, elements);
}
+#line 691 "ext/standard/var_unserializer.c"
yy25:
yych = *++YYCURSOR;
- if (yych <= ',') {
- if (yych != '+') goto yy18;
- } else {
- if (yych <= '-') goto yy26;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy27;
- goto yy18;
+ switch (yych) {
+ case '+':
+ case '-': goto yy26;
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy27;
+ default: goto yy18;
}
yy26:
yych = *++YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych >= ':') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy27;
+ default: goto yy18;
+ }
yy27:
++YYCURSOR;
if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2);
yych = *YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy27;
- if (yych >= ';') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy27;
+ case ':': goto yy29;
+ default: goto yy18;
+ }
+yy29:
yych = *++YYCURSOR;
- if (yych != '"') goto yy18;
+ switch (yych) {
+ case '"': goto yy30;
+ default: goto yy18;
+ }
+yy30:
++YYCURSOR;
+#line 601 "ext/standard/var_unserializer.re"
{
INIT_PZVAL(*rval);
@@ -684,26 +754,65 @@
return object_common2(UNSERIALIZE_PASSTHRU,
object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR));
}
+#line 758 "ext/standard/var_unserializer.c"
yy32:
yych = *++YYCURSOR;
- if (yych == '+') goto yy33;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy34;
- goto yy18;
+ switch (yych) {
+ case '+': goto yy33;
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy34;
+ default: goto yy18;
+ }
yy33:
yych = *++YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych >= ':') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy34;
+ default: goto yy18;
+ }
yy34:
++YYCURSOR;
if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2);
yych = *YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy34;
- if (yych >= ';') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy34;
+ case ':': goto yy36;
+ default: goto yy18;
+ }
+yy36:
yych = *++YYCURSOR;
- if (yych != '{') goto yy18;
+ switch (yych) {
+ case '{': goto yy37;
+ default: goto yy18;
+ }
+yy37:
++YYCURSOR;
+#line 581 "ext/standard/var_unserializer.re"
{
long elements = parse_iv(start + 2);
/* use iv() not uiv() in order to check data range */
@@ -723,26 +832,65 @@
return finish_nested_data(UNSERIALIZE_PASSTHRU);
}
+#line 836 "ext/standard/var_unserializer.c"
yy39:
yych = *++YYCURSOR;
- if (yych == '+') goto yy40;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy41;
- goto yy18;
+ switch (yych) {
+ case '+': goto yy40;
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy41;
+ default: goto yy18;
+ }
yy40:
yych = *++YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych >= ':') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy41;
+ default: goto yy18;
+ }
yy41:
++YYCURSOR;
if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2);
yych = *YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy41;
- if (yych >= ';') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy41;
+ case ':': goto yy43;
+ default: goto yy18;
+ }
+yy43:
yych = *++YYCURSOR;
- if (yych != '"') goto yy18;
+ switch (yych) {
+ case '"': goto yy44;
+ default: goto yy18;
+ }
+yy44:
++YYCURSOR;
+#line 552 "ext/standard/var_unserializer.re"
{
size_t len, maxlen;
char *str;
@@ -771,26 +919,65 @@
ZVAL_STRINGL(*rval, str, len, 0);
return 1;
}
+#line 923 "ext/standard/var_unserializer.c"
yy46:
yych = *++YYCURSOR;
- if (yych == '+') goto yy47;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy48;
- goto yy18;
+ switch (yych) {
+ case '+': goto yy47;
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy48;
+ default: goto yy18;
+ }
yy47:
yych = *++YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych >= ':') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy48;
+ default: goto yy18;
+ }
yy48:
++YYCURSOR;
if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2);
yych = *YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy48;
- if (yych >= ';') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy48;
+ case ':': goto yy50;
+ default: goto yy18;
+ }
+yy50:
yych = *++YYCURSOR;
- if (yych != '"') goto yy18;
+ switch (yych) {
+ case '"': goto yy51;
+ default: goto yy18;
+ }
+yy51:
++YYCURSOR;
+#line 524 "ext/standard/var_unserializer.re"
{
size_t len, maxlen;
char *str;
@@ -818,93 +1005,131 @@
ZVAL_STRINGL(*rval, str, len, 1);
return 1;
}
+#line 1009 "ext/standard/var_unserializer.c"
yy53:
yych = *++YYCURSOR;
- if (yych <= '/') {
- if (yych <= ',') {
- if (yych == '+') goto yy57;
- goto yy18;
- } else {
- if (yych <= '-') goto yy55;
- if (yych <= '.') goto yy60;
- goto yy18;
- }
- } else {
- if (yych <= 'I') {
- if (yych <= '9') goto yy58;
- if (yych <= 'H') goto yy18;
- goto yy56;
- } else {
- if (yych != 'N') goto yy18;
- }
+ switch (yych) {
+ case '+': goto yy57;
+ case '-': goto yy55;
+ case '.': goto yy60;
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy58;
+ case 'I': goto yy56;
+ case 'N': goto yy54;
+ default: goto yy18;
}
+yy54:
yych = *++YYCURSOR;
- if (yych == 'A') goto yy76;
- goto yy18;
+ switch (yych) {
+ case 'A': goto yy76;
+ default: goto yy18;
+ }
yy55:
yych = *++YYCURSOR;
- if (yych <= '/') {
- if (yych == '.') goto yy60;
- goto yy18;
- } else {
- if (yych <= '9') goto yy58;
- if (yych != 'I') goto yy18;
+ switch (yych) {
+ case '.': goto yy60;
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy58;
+ case 'I': goto yy56;
+ default: goto yy18;
}
yy56:
yych = *++YYCURSOR;
- if (yych == 'N') goto yy72;
- goto yy18;
+ switch (yych) {
+ case 'N': goto yy72;
+ default: goto yy18;
+ }
yy57:
yych = *++YYCURSOR;
- if (yych == '.') goto yy60;
- if (yych <= '/') goto yy18;
- if (yych >= ':') goto yy18;
+ switch (yych) {
+ case '.': goto yy60;
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy58;
+ default: goto yy18;
+ }
yy58:
++YYCURSOR;
if ((YYLIMIT - YYCURSOR) < 4) YYFILL(4);
yych = *YYCURSOR;
- if (yych <= ':') {
- if (yych <= '.') {
- if (yych <= '-') goto yy18;
- goto yy70;
- } else {
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy58;
- goto yy18;
- }
- } else {
- if (yych <= 'E') {
- if (yych <= ';') goto yy63;
- if (yych <= 'D') goto yy18;
- goto yy65;
- } else {
- if (yych == 'e') goto yy65;
- goto yy18;
- }
+ switch (yych) {
+ case '.': goto yy70;
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy58;
+ case ';': goto yy63;
+ case 'E':
+ case 'e': goto yy65;
+ default: goto yy18;
}
yy60:
yych = *++YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych >= ':') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy61;
+ default: goto yy18;
+ }
yy61:
++YYCURSOR;
if ((YYLIMIT - YYCURSOR) < 4) YYFILL(4);
yych = *YYCURSOR;
- if (yych <= ';') {
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy61;
- if (yych <= ':') goto yy18;
- } else {
- if (yych <= 'E') {
- if (yych <= 'D') goto yy18;
- goto yy65;
- } else {
- if (yych == 'e') goto yy65;
- goto yy18;
- }
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy61;
+ case ';': goto yy63;
+ case 'E':
+ case 'e': goto yy65;
+ default: goto yy18;
}
yy63:
++YYCURSOR;
+#line 514 "ext/standard/var_unserializer.re"
{
#if SIZEOF_LONG == 4
use_double:
@@ -914,64 +1139,109 @@
ZVAL_DOUBLE(*rval, zend_strtod((const char *)start + 2, NULL));
return 1;
}
+#line 1143 "ext/standard/var_unserializer.c"
yy65:
yych = *++YYCURSOR;
- if (yych <= ',') {
- if (yych != '+') goto yy18;
- } else {
- if (yych <= '-') goto yy66;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy67;
- goto yy18;
+ switch (yych) {
+ case '+':
+ case '-': goto yy66;
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy67;
+ default: goto yy18;
}
yy66:
yych = *++YYCURSOR;
- if (yych <= ',') {
- if (yych == '+') goto yy69;
- goto yy18;
- } else {
- if (yych <= '-') goto yy69;
- if (yych <= '/') goto yy18;
- if (yych >= ':') goto yy18;
+ switch (yych) {
+ case '+':
+ case '-': goto yy69;
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy67;
+ default: goto yy18;
}
yy67:
++YYCURSOR;
if (YYLIMIT <= YYCURSOR) YYFILL(1);
yych = *YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy67;
- if (yych == ';') goto yy63;
- goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy67;
+ case ';': goto yy63;
+ default: goto yy18;
+ }
yy69:
yych = *++YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy67;
- goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy67;
+ default: goto yy18;
+ }
yy70:
++YYCURSOR;
if ((YYLIMIT - YYCURSOR) < 4) YYFILL(4);
yych = *YYCURSOR;
- if (yych <= ';') {
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy70;
- if (yych <= ':') goto yy18;
- goto yy63;
- } else {
- if (yych <= 'E') {
- if (yych <= 'D') goto yy18;
- goto yy65;
- } else {
- if (yych == 'e') goto yy65;
- goto yy18;
- }
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy70;
+ case ';': goto yy63;
+ case 'E':
+ case 'e': goto yy65;
+ default: goto yy18;
}
yy72:
yych = *++YYCURSOR;
- if (yych != 'F') goto yy18;
+ switch (yych) {
+ case 'F': goto yy73;
+ default: goto yy18;
+ }
yy73:
yych = *++YYCURSOR;
- if (yych != ';') goto yy18;
+ switch (yych) {
+ case ';': goto yy74;
+ default: goto yy18;
+ }
+yy74:
++YYCURSOR;
+#line 499 "ext/standard/var_unserializer.re"
{
*p = YYCURSOR;
INIT_PZVAL(*rval);
@@ -986,32 +1256,66 @@
return 1;
}
+#line 1260 "ext/standard/var_unserializer.c"
yy76:
yych = *++YYCURSOR;
- if (yych == 'N') goto yy73;
- goto yy18;
+ switch (yych) {
+ case 'N': goto yy73;
+ default: goto yy18;
+ }
yy77:
yych = *++YYCURSOR;
- if (yych <= ',') {
- if (yych != '+') goto yy18;
- } else {
- if (yych <= '-') goto yy78;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy79;
- goto yy18;
+ switch (yych) {
+ case '+':
+ case '-': goto yy78;
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy79;
+ default: goto yy18;
}
yy78:
yych = *++YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych >= ':') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy79;
+ default: goto yy18;
+ }
yy79:
++YYCURSOR;
if (YYLIMIT <= YYCURSOR) YYFILL(1);
yych = *YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy79;
- if (yych != ';') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy79;
+ case ';': goto yy81;
+ default: goto yy18;
+ }
+yy81:
++YYCURSOR;
+#line 472 "ext/standard/var_unserializer.re"
{
#if SIZEOF_LONG == 4
int digits = YYCURSOR - start - 3;
@@ -1038,49 +1342,93 @@
ZVAL_LONG(*rval, parse_iv(start + 2));
return 1;
}
+#line 1346 "ext/standard/var_unserializer.c"
yy83:
yych = *++YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych >= '2') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1': goto yy84;
+ default: goto yy18;
+ }
+yy84:
yych = *++YYCURSOR;
- if (yych != ';') goto yy18;
+ switch (yych) {
+ case ';': goto yy85;
+ default: goto yy18;
+ }
+yy85:
++YYCURSOR;
+#line 465 "ext/standard/var_unserializer.re"
{
*p = YYCURSOR;
INIT_PZVAL(*rval);
ZVAL_BOOL(*rval, parse_iv(start + 2));
return 1;
}
+#line 1369 "ext/standard/var_unserializer.c"
yy87:
++YYCURSOR;
+#line 458 "ext/standard/var_unserializer.re"
{
*p = YYCURSOR;
INIT_PZVAL(*rval);
ZVAL_NULL(*rval);
return 1;
}
+#line 1379 "ext/standard/var_unserializer.c"
yy89:
yych = *++YYCURSOR;
- if (yych <= ',') {
- if (yych != '+') goto yy18;
- } else {
- if (yych <= '-') goto yy90;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy91;
- goto yy18;
+ switch (yych) {
+ case '+':
+ case '-': goto yy90;
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy91;
+ default: goto yy18;
}
yy90:
yych = *++YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych >= ':') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy91;
+ default: goto yy18;
+ }
yy91:
++YYCURSOR;
if (YYLIMIT <= YYCURSOR) YYFILL(1);
yych = *YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy91;
- if (yych != ';') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy91;
+ case ';': goto yy93;
+ default: goto yy18;
+ }
+yy93:
++YYCURSOR;
+#line 435 "ext/standard/var_unserializer.re"
{
long id;
@@ -1103,28 +1451,60 @@
return 1;
}
+#line 1455 "ext/standard/var_unserializer.c"
yy95:
yych = *++YYCURSOR;
- if (yych <= ',') {
- if (yych != '+') goto yy18;
- } else {
- if (yych <= '-') goto yy96;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy97;
- goto yy18;
+ switch (yych) {
+ case '+':
+ case '-': goto yy96;
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy97;
+ default: goto yy18;
}
yy96:
yych = *++YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych >= ':') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy97;
+ default: goto yy18;
+ }
yy97:
++YYCURSOR;
if (YYLIMIT <= YYCURSOR) YYFILL(1);
yych = *YYCURSOR;
- if (yych <= '/') goto yy18;
- if (yych <= '9') goto yy97;
- if (yych != ';') goto yy18;
+ switch (yych) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9': goto yy97;
+ case ';': goto yy99;
+ default: goto yy18;
+ }
+yy99:
++YYCURSOR;
+#line 414 "ext/standard/var_unserializer.re"
{
long id;
@@ -1145,7 +1525,9 @@
return 1;
}
+#line 1529 "ext/standard/var_unserializer.c"
}
+#line 734 "ext/standard/var_unserializer.re"
return 0;
diff -urN php-5.3.29.orig/ext/standard/var_unserializer.re php-5.3.29/ext/standard/var_unserializer.re
--- php-5.3.29.orig/ext/standard/var_unserializer.re 2014-08-13 19:22:50.000000000 +0000
+++ php-5.3.29/ext/standard/var_unserializer.re 2015-01-07 22:50:19.355722486 +0000
@@ -304,6 +304,9 @@
} else {
/* object properties should include no integers */
convert_to_string(key);
+ if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) {
+ var_push_dtor(var_hash, old_data);
+ }
zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
sizeof data, NULL);
}
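Review bot: The lookup added before the write uses `zend_symtable_find`, while the write two lines below is `zend_hash_update`, and the two do not always address the same slot: the symtable variant treats a numeric-looking string such as "123" as an integer index, whereas `zend_hash_update` stores it under the string key. For such a property name the existing entry is not found, nothing is handed to `var_push_dtor`, and the update still destroys the old value, so the case this patch closes for ordinary names stays open for numeric ones. Giving both calls the same key semantics, `if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) {`, closes it; the same line appears in the generated ext/standard/var_unserializer.c hunk at `@@ -298,6 +300,9 @@` and should be regenerated from the .re rather than edited by hand. The declaration of `old_data` and the start of the enclosing function lie outside this hunk.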