php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #56161 ArrayIterator::seek() do nothing
Submitted: 2004-08-09 05:30 UTC Modified: 2004-08-31 18:25 UTC
From: frederic dot lecointre at burnweb dot net Assigned: helly (profile)
Status: Closed Package: SPL (PECL)
PHP Version: 5.0.1 OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: frederic dot lecointre at burnweb dot net
New email:
PHP Version: OS:

 

 [2004-08-09 05:30 UTC] frederic dot lecointre at burnweb dot net
Description:
------------
ArrayIterator::seek do nothing in this code and we can set an out of bounds argument.

Reproduce code:
---------------
<?php

$myIt = new ArrayIterator(range( 0, 50));
$myIt->seek(20);

echo $myIt->current(), "\n"; // out: 1 expected 20

$myIt->seek(5000); // ? out of bounds but no error or Exception
?>


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-08-31 07:16 UTC] frederic dot lecointre at burnweb dot net
Description:
------------
ArrayIterator::seek do nothing in this code and we can set an out of
bounds argument.

Reproduce code:
---------------
<?php

$myIt = new ArrayIterator(range( 0, 50));
$myIt->seek(20);

echo $myIt->current(), "\n"; // out: 1 expected 20

$myIt->seek(5000); // ? out of bounds but no error or Exception
?>
 [2004-08-31 07:18 UTC] frederic dot lecointre at burnweb dot net
fixed
1) output from Reproduce code: 
20 -> expected and correct

Warning: ArrayIterator::seek(): out of bounds in /root/bug_ArrayIterator_seek.psh on line 9 -> throw E_WARNING

2) code fix
_________________________

/* {{{ proto void ArrayIterator::seek(int $position)
 Seek to position. */
SPL_METHOD(Array, seek)
{
	long position;
	zval *object = getThis();
	spl_array_object *intern = (spl_array_object*)zend_object_store_get_object(object TSRMLS_CC);
	HashTable *aht = HASH_OF(intern->array);

	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &position) == FAILURE) {
		return;
	}

	if (!aht) {
		php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Array was modified outside object and is no longer an array");
		return;
	}

/*-----start fix Bug #2091 Package: SPL 
	Bug #2091 ArrayIterator::seek() do nothing 
	ArrayIterator::seek do nothing in this code and we can set an out of bounds argument 
*/

	/* fix can pass out of bound argument */
	if( zend_hash_num_elements(aht) > position){

		zend_hash_internal_pointer_reset_ex(aht, &intern->pos);
		while (position-- > 0 && (spl_array_next(intern TSRMLS_CC) == SUCCESS)); /* fix seek do nothing */
	
	}
	else{
		php_error_docref(NULL TSRMLS_CC, E_WARNING, "out of bounds"); /* throw exception or error E_NOTICE, E_WARNING, E_ERROR ??? */
		return;
	}

/*-----end fix Bug #2091*/

} /* }}} */
____________________________
 [2004-08-31 18:25 UTC] helly@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sun Jan 26 17:01:25 2020 UTC