projects / awesomized / ext-ion / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree | github
raw | patch | inline | side by side (parent: ae4d03f)
sort of correct unserialize input arg type
authorMichael Wallner <mike@php.net>
Tue, 14 Dec 2021 11:39:12 +0000 (12:39 +0100)
committerMichael Wallner <mike@php.net>
Tue, 14 Dec 2021 11:54:08 +0000 (12:54 +0100)
ion.stub.php patch | blob | history
ion_arginfo.h patch | blob | history
ion_private.h patch | blob | history

diff --git a/ion.stub.php b/ion.stub.php
index dcf0cfa16e20c6ac631b7de5ddc4e84458a8db8f..f3f81f3d27f53aa6cc143601385e6721ebf71614 100644 (file)
--- a/ion.stub.php
+++ b/ion.stub.php
@@ -481,4 +481,4 @@ class PHP implements \ion\Unserializer {
 namespace ion;
 function serialize(mixed $data, ?Serializer $serializer = null) : string {}
 /** @param string|resource $data */
-function unserialize(mixed $data, ?Unserializer $unserializer = null) : mixed {}
+function unserialize($data, ?Unserializer $unserializer = null) : mixed {}
diff --git a/ion_arginfo.h b/ion_arginfo.h
index da22a4b45d7c6f9e0686752930669fa0fa7fc9d2..4d5bc27f3b19536cc562b090ded37897150ca88d 100644 (file)
--- a/ion_arginfo.h
+++ b/ion_arginfo.h
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: f2b34e7e90a3fcb65ad470c6acce7cc31b804716 */
+ * Stub hash: 5dc8abb809cd14ed4c542ca5114bd4ceda42d70b */
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_ion_serialize, 0, 1, IS_STRING, 0)
        ZEND_ARG_TYPE_INFO(0, data, IS_MIXED, 0)
@@ -7,7 +7,7 @@ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_ion_serialize, 0, 1, IS_STRING,
 ZEND_END_ARG_INFO()
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_ion_unserialize, 0, 1, IS_MIXED, 0)
-       ZEND_ARG_TYPE_INFO(0, data, IS_MIXED, 0)
+       ZEND_ARG_INFO(0, data)
        ZEND_ARG_OBJ_INFO_WITH_DEFAULT_VALUE(0, unserializer, ion\\Unserializer, 1, "null")
 ZEND_END_ARG_INFO()
 
diff --git a/ion_private.h b/ion_private.h
index 5ca03dab2c63cbd16689bbedbbc2fa7d1dbc744b..1765d62f0da47050a449e05501b80f85c780b56e 100644 (file)
--- a/ion_private.h
+++ b/ion_private.h
@@ -1891,23 +1891,24 @@ void php_ion_unserialize(php_ion_unserializer *ser, zval *zdata, zval *return_va
        zend_object *zo_reader;
        php_ion_reader *reader;
        ZVAL_DEREF(zdata);
-       switch (Z_TYPE_P(zdata)) {
-       case IS_STRING:
-               zo_reader = create_ion_Reader_Reader(ce_Reader_Buffer_Reader);
-               reader = php_ion_obj(reader, zo_reader);
-               reader->type = BUFFER_READER;
-               reader->buffer = zend_string_copy(Z_STR_P(zdata));
-               break;
 
-       case IS_RESOURCE:
+       if (Z_TYPE_P(zdata) == IS_RESOURCE) {
                zo_reader = create_ion_Reader_Reader(ce_Reader_Stream_Reader);
                reader = php_ion_obj(reader, zo_reader);
                reader->type = STREAM_READER;
                php_stream_from_zval_no_verify(reader->stream.ptr, zdata);
-               break;
-
-       default:
-               ZEND_ASSERT(!IS_STRING && !IS_RESOURCE);
+       } else if (Z_TYPE_P(zdata) <= IS_STRING) {
+               zo_reader = create_ion_Reader_Reader(ce_Reader_Buffer_Reader);
+               reader = php_ion_obj(reader, zo_reader);
+               reader->type = BUFFER_READER;
+               reader->buffer = zval_get_string(zdata);
+       } else {
+               zend_throw_exception_ex(spl_ce_InvalidArgumentException, IERR_INVALID_ARG,
+                               "Invalid source to unserialize; expected string or resource");
+               if (zo_ser) {
+                       OBJ_RELEASE(zo_ser);
+               }
+               return;
        }
 
        if (ser->options) {
PHP extension for Amazon ION