Bug #56161 ArrayIterator::seek() do nothing
Submitted: 2004-08-09 05:30 UTC Modified: 2004-08-31 18:25 UTC
From: frederic dot lecointre at burnweb dot net Assigned: helly (profile)
Status: Closed Package: SPL (PECL)
PHP Version: 5.0.1 OS: *
Private report: No CVE-ID: None
 [2004-08-09 05:30 UTC] frederic dot lecointre at burnweb dot net
Description:
------------
ArrayIterator::seek does nothing in this code, and we can set an out-of-bounds argument.

Reproduce code:
---------------
<?php

$myIt = new ArrayIterator(range( 0, 50));
$myIt->seek(20);

echo $myIt->current(), "\n"; // out: 1 expected 20

$myIt->seek(5000); // ? out of bounds but no error or Exception
?>


 [2004-08-31 07:16 UTC] frederic dot lecointre at burnweb dot net
Description:
------------
ArrayIterator::seek does nothing in this code, and we can set an
out-of-bounds argument.

Reproduce code:
---------------
<?php

$myIt = new ArrayIterator(range( 0, 50));
$myIt->seek(20);

echo $myIt->current(), "\n"; // out: 1 expected 20

$myIt->seek(5000); // ? out of bounds but no error or Exception
?>
 [2004-08-31 07:18 UTC] frederic dot lecointre at burnweb dot net
fixed
1) output from Reproduce code: 
20 -> expected and correct

Warning: ArrayIterator::seek(): out of bounds in /root/bug_ArrayIterator_seek.psh on line 9 -> throw E_WARNING

2) code fix
_________________________

/* {{{ proto void ArrayIterator::seek(int $position)
 Seek to position. */
SPL_METHOD(Array, seek)
{
	long position;
	zval *object = getThis();
	spl_array_object *intern = (spl_array_object*)zend_object_store_get_object(object TSRMLS_CC);
	HashTable *aht = HASH_OF(intern->array);

	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &position) == FAILURE) {
		return;
	}

	if (!aht) {
		php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Array was modified outside object and is no longer an array");
		return;
	}

/*-----start fix Bug #2091 Package: SPL 
	Bug #2091 ArrayIterator::seek() do nothing 
	ArrayIterator::seek do nothing in this code and we can set an out of bounds argument 
*/

	/* fix can pass out of bound argument */
	if( zend_hash_num_elements(aht) > position){

		zend_hash_internal_pointer_reset_ex(aht, &intern->pos);
		while (position-- > 0 && (spl_array_next(intern TSRMLS_CC) == SUCCESS)); /* fix seek do nothing */
	
	}
	else{
		php_error_docref(NULL TSRMLS_CC, E_WARNING, "out of bounds"); /* throw exception or error E_NOTICE, E_WARNING, E_ERROR ??? */
		return;
	}

/*-----end fix Bug #2091*/

} /* }}} */
____________________________
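Added example, not part of the report or of the PHP source: a self-contained C model of the seek bounds check in the fix above. The node/iter types, the iter_* functions and the sample data are hypothetical stand-ins for the Zend hash table and its internal pointer; the check also rejects negative positions, which the posted test `zend_hash_num_elements(aht) > position` lets through.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a hash table walked through an internal pointer. */
struct node { long value; struct node *next; };
struct iter { struct node *head; struct node *pos; long count; };

#define N 51
static struct node nodes[N];   /* constructed sample data: values 0..50 */

static void iter_init(struct iter *it)
{
    for (long i = 0; i < N; i++) {
        nodes[i].value = i;
        nodes[i].next = (i + 1 < N) ? &nodes[i + 1] : NULL;
    }
    it->head = it->pos = &nodes[0];
    it->count = N;
}

/* Returns 0 on success, -1 if position is out of range.
   Both bounds are checked before the cursor is touched, so a failed
   seek leaves the iterator where it was. */
static int iter_seek(struct iter *it, long position)
{
    if (position < 0 || position >= it->count)
        return -1;
    struct node *p = it->head;
    while (position-- > 0)
        p = p->next;
    it->pos = p;
    return 0;
}

static long iter_current(const struct iter *it) { return it->pos->value; }

int main(void)
{
    long tests[] = { 20, 5000, -1 };   /* in range, too large, negative */
    struct iter it;

    iter_init(&it);
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++) {
        int rc = iter_seek(&it, tests[i]);
        printf("seek(%ld) -> %d, current() = %ld\n", tests[i], rc, iter_current(&it));
    }
    return 0;
}
```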
 [2004-08-31 18:25 UTC] helly@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 