PHP :: Bug #35410 :: Strange behavior of function "wddx

Bug #35410	Strange behavior of function "wddx_deserialize"
Submitted:	2005-11-26 17:11 UTC	Modified:	2005-11-30 19:13 UTC
From:	thomas dot werner at mac dot com	Assigned:	iliaa (profile)
Status:	Closed	Package:	WDDX related
PHP Version:	5CVS, 4CVS (2005-11-30) (cvs)	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	thomas dot werner at mac dot com
New email:
PHP Version:		OS:

New Comment:

[2005-11-26 17:11 UTC] thomas dot werner at mac dot com

Description:
------------
I have a wddx file:
*******************

<wddxpacket version="1.0">
  <header>
    <comment>Content Configuration File</comment>
  </header>
  <data>
    <struct>
      <var name="content_queries">
        <struct>
          <var name="content_113300831086270200">
            <struct>
              <var name="113301888545229100">
                <struct>
                  <var name="max">
                    <number>10</number>
                  </var>
                  <var name="cache">
                    <number>4</number>
                  </var>
                  <var name="order">
                    <struct>
                      <var 
name="content_113300831086270200">
                        <struct>
                          <var name="CMS_BUILD">
                            <string>desc</string>
                          </var>
                        </struct>
                      </var>
                    </struct>
                  </var>
                </struct>
              </var>
            </struct>
          </var>
        </struct>
      </var>
    </struct>
  </data>
</wddxpacket>

and load it with the function "wddx_deserialize" in $config. 
var_dump outputs different arrays in php-4.4.0 and 
php-4.4.1.

["113301888545229100"] (4.4.0) and [2147483647] (4.4.1) are 
not the same (string vs. int).

i used exact the same configuration for compiling and 
checked it with debian sarge on linux and macosx too.

cheers tom

Reproduce code:
---------------
[...]

if ( !( $filepointer = @fopen( $filename, 'r' ) ) ) {
	return false;
}
while ( !feof( $filepointer) ) {
	$data .= fgets( $filepointer, 4096 );
}
fclose( $filepointer );

if ( $data ) {	

	$config = wddx_deserialize( $data );
	
[...]

Expected result:
----------------
[...]
  ["content_queries"]=>
  array(1) {
    ["content_113300831086270200"]=>
    array(1) {
      ["113301888545229100"]=>
      array(3) {
        ["max"]=>
        int(10)
        ["cache"]=>
        int(4)
        ["order"]=>
        array(1) {
          ["content_113300831086270200"]=>
          array(1) {
            ["CMS_BUILD"]=>
            string(4) "desc"
          }
        }
      }
    }
  }
[...]

Actual result:
--------------
[...]
  ["content_queries"]=>
  array(1) {
    ["content_113300831086270200"]=>
    array(1) {
      [2147483647]=> 
[...]

2147483647 is not right...

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-11-26 18:11 UTC] mj@php.net

PHP 5.1.0 on Linux compiled with ./configure --enable-wddx gives me the following results that are again different from the 4.4.1 and 4.4.0 results:

array(1) {
  ["content_queries"]=>
  array(1) {
    ["content_113300831086270200"]=>
    array(1) {
      [-2147483648]=>
      array(3) {
        ["max"]=>
        int(10)
        ["cache"]=>
        int(4)
        ["order"]=>
        array(1) {
          ["content_113300831086270200"]=>
          array(1) {
            ["CMS_BUILD"]=>
            string(4) "desc"
          }
        }
      }
    }
  }
}

[2005-11-26 18:32 UTC] thomas dot werner at mac dot com

PHP 5.0.4/5.0.5 on mac and 5.0.5 on linux outputs the same 
like 4.4.0. I guess, this behavior beguns with the "fast" 
fixes of PHP file-upload/$GLOBALS overwrite vulnerability, but 
i'm not shure, or another fix introduced in 4.4.1. maybe the 
xml-parser thinks, oh its a number, not a string and convert 
it to integer, but its out of range... i know only, my php-app 
worked over years :o)

[2005-11-26 18:55 UTC] mj@php.net

I looked into this a bit deeper and it appears that the behaviour changed when fixing #34068.  The patch can be seen at http://cvs.php.net/diff.php/php-src/ext/wddx/wddx.c?ws=0&r1=1.119&r2=1.120&ty=u.

[2005-11-28 09:03 UTC] thomas dot werner at mac dot com

what does it mean? a bug or a new "feature"? feature because 
you wrote "the behaviour changed" ...

[2005-11-30 17:04 UTC] sniper@php.net

Assigned to the one who broke it. :)

[2005-11-30 19:13 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Dec 03 17:01:29 2024 UTC