PHP :: Bug #38378 :: wddx_serialize_value geneates no wellformed xml

Bug #38378

wddx_serialize_value geneates no wellformed xml

Submitted:

2006-08-08 09:57 UTC

Modified:

2006-08-24 08:30 UTC

Votes:	5
Avg. Score:	5.0 ± 0.0
Reproduced:	5 of 5 (100.0%)
Same Version:	4 (80.0%)
Same OS:	3 (60.0%)

From:

clemens at gutweiler dot net

Assigned:

Status:

Closed

Package:

WDDX related

PHP Version:

4.4.3

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 1 + 50 = ?
Subscribe to this entry?

[2006-08-08 09:57 UTC] clemens at gutweiler dot net

Description:
------------
wddx_serialize_value generates an invalid wddx package/xml 
string.

in php version 4.4.2 the sample code works, in 4.4.3 not.

Reproduce code:
---------------
<?php
        $array = array(
                'index' => array(
                        1 => 'integer key',
                        'string' => 'string key'
                )
        );
        var_dump( wddx_serialize_value( $array ) );
?>


Expected result:
----------------
/web/cg/playground# /usr/local/php-4.4.2-fastcgi/bin/php 
wddx.php 

string(219) "<wddxPacket version='1.0'><header/
><data><struct><var name='index'><struct><var 
name='1'><string>integer key</string></var><var 
name='string'><string>string key</string></var></struct></
var></struct></data></wddxPacket>"


Actual result:
--------------
/web/cg/playground# /usr/local/php-4.4.3-fastcgi/bin/php 
wddx.php 

string(179) "<wddxPacket version='1.0'><header/
><data><struct><var <struct><string>integer key</string></
var><var n<string>string key</string></var></struct></var></
struct></data></wddxPacket>"

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-08-17 13:06 UTC] hweidner at gmx dot net

The function wddx_serialize_vars seems also affected:

$array=array("aaa", "bbb", "ccc");
echo wddx_serialize_vars("array");

creates to the broken XML code unter PHP 4.4.3

<wddxPacket version='1.0'><header/><data><struct><var<array
length='3'><string>aaa</string><string>bbb</string><string>ccc</string></array></var></struct></data></wddxPacket>

[2006-08-21 14:36 UTC] sj at sjaensch dot org

When replacing sprintf() with snprintf(), the length of the resulting string was calculated wrongly. Patch follows:


--- php-4.4.3/ext/wddx/wddx.c   Fri May 26 03:55:26 2006
+++ php-4.4.3-fixed/ext/wddx/wddx.c     Mon Aug 21 16:30:44 2006
@@ -626,12 +626,13 @@
 {
        char *tmp_buf;
        char *name_esc;
-       int name_esc_len;
+       int name_esc_len, tmp_buf_len;

        if (name) {
                name_esc = php_escape_html_entities(name, name_len, &name_esc_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
-               tmp_buf = emalloc(name_esc_len + 1);
-               snprintf(tmp_buf, name_esc_len, WDDX_VAR_S, name_esc);
+               tmp_buf_len = name_esc_len + strlen(WDDX_VAR_S);
+               tmp_buf = emalloc(tmp_buf_len+1);
+               snprintf(tmp_buf, tmp_buf_len, WDDX_VAR_S, name_esc);
                php_wddx_add_chunk(packet, tmp_buf);
                efree(tmp_buf);
                efree(name_esc);

[2006-08-23 11:11 UTC] grzegorz dot nosek at netart dot pl

You also need something like the patch below because serialization of plain integers is broken too. If you don't want to use full WDDX_BUF_LEN, Z_STRLEN(tmp) + Z_STRLEN(WDDX_NUMBER) (or something) might suffice.

Without the patch things like <number>1</number> seem to get eaten.

Trivial test case attached in the following diff.

--- php/ext/wddx/wddx.c~        Wed Aug 23 12:01:10 2006
+++ php/ext/wddx/wddx.c Wed Aug 23 12:00:35 2006
@@ -432,7 +432,7 @@
        tmp = *var;
        zval_copy_ctor(&tmp);
        convert_to_string(&tmp);
-       snprintf(tmp_buf, Z_STRLEN(tmp), WDDX_NUMBER, Z_STRVAL(tmp));
+       snprintf(tmp_buf, WDDX_BUF_LEN, WDDX_NUMBER, Z_STRVAL(tmp));
        zval_dtor(&tmp);

        php_wddx_add_chunk(packet, tmp_buf);
--- /dev/null   Fri Jun 28 13:33:12 2002
+++ php/ext/wddx/tests/bug38738.phpt    Wed Aug 23 12:04:10 2006
@@ -0,0 +1,13 @@
+--TEST--
+Bug #38378     wddx_serialize_value geneates no wellformed xml
+--FILE--
+<?php
+
+$hash["int"] = 1;
+$hash["string"] = "test";
+
+print wddx_serialize_vars('hash')."\n";
+?>
+--EXPECT--
+<wddxPacket version='1.0'><header/><data><struct><var name='hash'><struct><var name='int'><number>1</number></var><var name='string'><string>test</string></var></struct></var></struct></data></wddxPacket>
+

[2006-08-24 08:30 UTC] tony2001@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 31 19:00:02 2025 UTC