|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull Requests
Pull requests:
HistoryAllCommentsChangesGit/SVN commits
[2014-04-13 22:56 UTC] stas@php.net
[2014-04-13 22:56 UTC] stas@php.net
-Status: Open
+Status: Closed
[2014-04-15 12:04 UTC] ab@php.net
[2014-04-15 13:05 UTC] ab@php.net
[2014-05-01 14:59 UTC] tyrael@php.net
[2014-10-07 23:15 UTC] stas@php.net
[2014-10-07 23:26 UTC] stas@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Thu Oct 30 22:00:01 2025 UTC |
Description: ------------ In php_date_initialize_from_hash (ext/date/php_date.c), the switch statement case "TIMELIB_ZONETYPE_ID" should check if the value returned by the call to php_date_parse_tzfile is NULL. Otherwise in subsequent instructions, the tzi variable may contain a NULL pointer. Test script: --------------- $y = 'O:8:"DateTime":3:{s:4:"date";s:19:"2014-02-15 02:00:51";s:13:"timezone_type";i:3;s:8:"timezone";s:10:"1234567890";}'; var_dump(unserialize($y)); // segfault Expected result: ---------------- bool(false) Actual result: -------------- #0 0x00000000004bb32d in fetch_timezone_offset (tz=0x0, ts=1392474750, transition_time=0x7fff61636948) at /tmp/php-src/ext/date/lib/parse_tz.c:341 #1 0x00000000004bb5ec in timelib_get_time_zone_info (ts=1392474750, tz=0x0) at /tmp/php-src/ext/date/lib/parse_tz.c:415 #2 0x00000000004be5a7 in timelib_unixtime2local (tm=0x269a360, ts=1392474750) at /tmp/php-src/ext/date/lib/unixtime2tm.c:194 #3 0x0000000000478a50 in php_date_initialize (dateobj=0x7f6c6a2db018, time_str=0x7f6c6a2d9f30 "2014-02-15 02:00:51", time_str_len=19, format=0x0, timezone_object=0x7f6c6a2da490, ctor=0) at /tmp/php-src/ext/date/php_date.c:2622 #4 0x000000000047940c in php_date_initialize_from_hash (return_value=0x7fff61636ad0, dateobj=0x7fff61636ae8, myht=0x7f6c6a2db2a8) at /tmp/php-src/ext/date/php_date.c:2790 #5 0x000000000047968b in zim_DateTime___wakeup (ht=0, return_value=0x7f6c6a2db348, return_value_ptr=0x7fff61636d68, this_ptr=0x7f6c6a2d8948, return_value_used=1) at /tmp/php-src/ext/date/php_date.c:2857 #6 0x00000000009766de in zend_call_function (fci=0x7fff61636cc0, fci_cache=0x7fff61636bb0) at /tmp/php-src/Zend/zend_execute_API.c:970 #7 0x000000000097569e in call_user_function_ex (function_table=0x24a7560, object_pp=0x7fff61636f70, function_name=0x7fff61636d80, retval_ptr_ptr=0x7fff61636d68, param_count=0, params=0x0, no_separation=1, symbol_table=0x0) at /tmp/php-src/Zend/zend_execute_API.c:740 #8 0x00000000008a3987 in object_common2 (rval=0x7fff61636f70, p=0x7fff61636f98, max=0x7f6c6a1d08a7 "", var_hash=0x7fff61636fa0, elements=3) at ext/standard/var_unserializer.re:424 #9 0x00000000008a4a28 in php_var_unserialize (rval=0x7fff61636f70, p=0x7fff61636f98, max=0x7f6c6a1d08a7 "", var_hash=0x7fff61636fa0) at ext/standard/var_unserializer.re:803 #10 0x000000000088f6b5 in zif_unserialize (ht=1, return_value=0x7f6c6a2d8948, return_value_ptr=0x7f6c6a2a41e0, this_ptr=0x0, return_value_used=1) at /tmp/php-src/ext/standard/var.c:966 #11 0x00000000009cf447 in zend_do_fcall_common_helper_SPEC (execute_data=0x7f6c6a2a4218) at /tmp/php-src/Zend/zend_vm_execute.h:558 #12 0x00000000009d4c2c in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7f6c6a2a4218) at /tmp/php-src/Zend/zend_vm_execute.h:2585 #13 0x00000000009ceaba in execute_ex (execute_data=0x7f6c6a2a4218) at /tmp/php-src/Zend/zend_vm_execute.h:363 #14 0x00000000009ceb42 in zend_execute (op_array=0x7f6c6a2d9858) at /tmp/php-src/Zend/zend_vm_execute.h:388 #15 0x000000000098b7a1 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /tmp/php-src/Zend/zend.c:1330 #16 0x00000000008f1658 in php_execute_script (primary_file=0x7fff61639600) at /tmp/php-src/main/main.c:2549 #17 0x0000000000a3cd39 in do_cli (argc=4, argv=0x24a6940) at /tmp/php-src/sapi/cli/php_cli.c:994 #18 0x0000000000a3e056 in main (argc=4, argv=0x24a6940) at /tmp/php-src/sapi/cli/php_cli.c:1378