|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37569 WDDX bad character encoding
Submitted: 2006-05-23 22:19 UTC Modified: 2006-05-25 23:24 UTC
From: jdolecek at NetBSD dot org Assigned: iliaa
Status: Closed Package: WDDX related
PHP Version: 5.1.4 OS: Any
Private report: No CVE-ID:
 [2006-05-23 22:19 UTC] jdolecek at NetBSD dot org
WDDX serializes control charactes using a <char code="XX"/> construct, However, the code contains sign extension bug, and on platforms with signed char the result XX contains incorrect (sign-extended) code.

This affects e.g. UTF8-encoded non-ASCII text, which can contain characters in 128-160 range.


--- wddx.c.orig 2006-05-23 23:58:54.000000000 +0200
+++ wddx.c
@@ -401,7 +401,7 @@ static void php_wddx_serialize_string(wd
                                        if (iscntrl((int)*(unsigned char *)p)) {
-                                               sprintf(control_buf, WDDX_CHAR, *p);
+                                               sprintf(control_buf, WDDX_CHAR, (int)*(unsigned char *)p);
                                                php_wddx_add_chunk(packet, control_buf);
                                        } else
                                                buf[l++] = *p;

Reproduce code:
On UNIX with iso-8859-1 locale:

echo wddx_serialize_value(chr(1))."\n";
echo wddx_serialize_value(chr(128))."\n";

Expected result:
<wddxPacket version='1.0'><header/><data><string><char code='01'/></string></data></wddxPacket>
<wddxPacket version='1.0'><header/><data><string><char code='80'/></string></data></wddxPacket>

Actual result:
<wddxPacket version='1.0'><header/><data><string><char code='01'/></string></data></wddxPacket>
<wddxPacket version='1.0'><header/><data><string><char code='FFFFFF80'/></string></data></wddxPacket>


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-25 23:24 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sat Nov 28 00:01:33 2015 UTC