Patch json-0 for JSON related Bug #68546
Patch version 2015-05-28 00:54 UTC
Return to Bug #68546 |
Download this patch
Patch Revisions:
Developer: cmb@php.net
ext/json/JSON_parser.c | 6 ++++++
ext/json/tests/bug68546.phpt | 14 ++++++++++++++
2 files changed, 20 insertions(+)
diff --git a/ext/json/JSON_parser.c b/ext/json/JSON_parser.c
index dd832a7..6e5cb08 100644
--- a/ext/json/JSON_parser.c
+++ b/ext/json/JSON_parser.c
@@ -550,6 +550,12 @@ parse_JSON_ex(JSON_parser jp, zval *z, unsigned short utf16_json[], int length,
json_create_zval(&mval, &buf, type, options);
if (!assoc) {
+ /* don't allow a property starting with \0 */
+ if (key.len > 0 && *key.c == 0) {
+ FREE_BUFFERS();
+ jp->error_code = PHP_JSON_ERROR_CTRL_CHAR;
+ return false;
+ }
add_property_zval_ex(jp->the_zstack[jp->top], (key.len ? key.c : "_empty_"), (key.len ? (key.len + 1) : sizeof("_empty_")), mval TSRMLS_CC);
Z_DELREF_P(mval);
} else {
diff --git a/ext/json/tests/bug68546.phpt b/ext/json/tests/bug68546.phpt
new file mode 100644
index 0000000..8a747d4
--- /dev/null
+++ b/ext/json/tests/bug68546.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #68546 - json_decode() Fatal error: Cannot access property started with '\0'
+--SKIPIF--
+<?php
+if (!extension_loaded("json")) die("skip this test requires json"); ?>
+?>
+--FILE--
+<?php
+var_dump(json_decode('{"\u0000": 1}'));
+var_dump(json_last_error());
+?>
+--EXPECT--
+NULL
+int(3)
|
Copyright © 2001-2024 The PHP Group