Bug #37569 WDDX bad character encoding
Submitted: 2006-05-23 22:19 UTC Modified: 2006-05-25 23:24 UTC
From: jdolecek at NetBSD dot org Assigned: iliaa
Status: Closed Package: WDDX related
PHP Version: 5.1.4 OS: Any
Private report: No CVE-ID:
 [2006-05-23 22:19 UTC] jdolecek at NetBSD dot org
Description:
------------
WDDX serializes control characters using a <char code="XX"/> construct. However, the code contains a sign extension bug, and on platforms with signed char the result XX contains an incorrect (sign-extended) code.

This affects e.g. UTF8-encoded non-ASCII text, which can contain characters in the 128-160 range.

Fix:

--- wddx.c.orig 2006-05-23 23:58:54.000000000 +0200
+++ wddx.c
@@ -401,7 +401,7 @@ static void php_wddx_serialize_string(wd
                                default:
                                        if (iscntrl((int)*(unsigned char *)p)) {
                                                FLUSH_BUF();
-                                               sprintf(control_buf, WDDX_CHAR, *p);
+                                               sprintf(control_buf, WDDX_CHAR, (int)*(unsigned char *)p);
                                                php_wddx_add_chunk(packet, control_buf);
                                        } else
                                                buf[l++] = *p;
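Review bot: On the changed sprintf line, the expression (int)*(unsigned char *)p is now repeated from the iscntrl() test two lines above; reading the byte once into a local unsigned char at the top of the default: branch and passing that to both calls would keep the two uses from drifting apart again. The call also still writes into control_buf with an unbounded sprintf, and the buffer's size is not visible in this hunk, so snprintf with the buffer's size would make the bound explicit. A one-line comment that plain char may be signed would document why the cast is needed.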


Reproduce code:
---------------
On UNIX with iso-8859-1 locale:

echo wddx_serialize_value(chr(1))."\n";
echo wddx_serialize_value(chr(128))."\n";


Expected result:
----------------
<wddxPacket version='1.0'><header/><data><string><char code='01'/></string></data></wddxPacket>
<wddxPacket version='1.0'><header/><data><string><char code='80'/></string></data></wddxPacket>



Actual result:
--------------
<wddxPacket version='1.0'><header/><data><string><char code='01'/></string></data></wddxPacket>
<wddxPacket version='1.0'><header/><data><string><char code='FFFFFF80'/></string></data></wddxPacket>
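The sign extension described in this report, reproduced as an added example; this is not code from PHP's wddx.c. The names CHAR_FMT, is_control and serialize are hypothetical, the format string is inferred from the packets shown above, is_control stands in for iscntrl() under an ISO-8859-1 locale, and int is assumed to be 32 bits.

```c
/* Added illustration; not code from PHP's wddx.c. Names are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Assumed format, inferred from the packets shown in the report. */
#define CHAR_FMT "<char code='%02X'/>"

/* Stand-in for iscntrl() in an ISO-8859-1 locale: C0, DEL and C1 controls. */
static int is_control(unsigned char b)
{
    return b < 0x20 || (b >= 0x7F && b <= 0x9F);
}

/*
 * Copy n bytes of `in` to `out`, replacing control bytes with <char/> elements.
 * fixed == 0 models a platform where plain char is signed: the byte is widened
 * through signed char, so 0x80 becomes 0xFFFFFF80.
 * fixed != 0 widens through unsigned char, as the patch does.
 * Returns the output length, or -1 if `out` is too small.
 */
static int serialize(const unsigned char *in, size_t n,
                     char *out, size_t outsz, int fixed)
{
    size_t used = 0;
    if (outsz == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        if (!is_control(in[i])) {
            if (used + 1 >= outsz) return -1;
            out[used++] = (char)in[i];
            continue;
        }
        unsigned int code = fixed ? (unsigned int)in[i]
                                  : (unsigned int)(int)(signed char)in[i];
        int w = snprintf(out + used, outsz - used, CHAR_FMT, code);
        if (w < 0 || (size_t)w >= outsz - used) return -1;
        used += (size_t)w;
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    /* Constructed sample: 0x01, then U+0100 encoded as UTF-8 (C4 80). */
    const unsigned char sample[] = { 0x01, 0xC4, 0x80 };
    char buf[128];
    if (serialize(sample, sizeof sample, buf, sizeof buf, 0) >= 0) puts(buf);
    if (serialize(sample, sizeof sample, buf, sizeof buf, 1) >= 0) puts(buf);
}
```

A consumer that expects a two-digit code gets eight hex digits from the unfixed path, which is the corruption of UTF-8 continuation bytes the report describes.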


 [2006-05-25 23:24 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 