Skip to content

Commit

Permalink
swoole_substr_json_decode/swoole_substr_unserialize(): optimize valid…
Browse files Browse the repository at this point in the history
…ation for input string, length and offset (#5622)
  • Loading branch information
Appla authored Dec 23, 2024
1 parent 1731aa6 commit d09264e
Showing 1 changed file with 13 additions and 4 deletions.
17 changes: 13 additions & 4 deletions ext-src/php_swoole.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1475,11 +1475,14 @@ static PHP_FUNCTION(swoole_substr_unserialize) {
}
if (offset < 0) {
offset = buf_len + offset;
if (offset < 0) {
RETURN_FALSE;
}
}
if ((zend_long) buf_len <= offset) {
RETURN_FALSE;
}
if (length <= 0) {
if (length <= 0 || length > (zend_long)(buf_len - offset)) {
length = buf_len - offset;
}
zend::unserialize(return_value, buf + offset, length, options ? Z_ARRVAL_P(options) : NULL);
Expand All @@ -1505,15 +1508,21 @@ static PHP_FUNCTION(swoole_substr_json_decode) {
ZEND_PARSE_PARAMETERS_END();

if (str_len == 0) {
RETURN_FALSE;
php_error_docref(nullptr, E_WARNING, "Non-empty string required");
RETURN_NULL();
}
if (offset < 0) {
offset = str_len + offset;
if (offset < 0) {
php_error_docref(nullptr, E_WARNING, "Offset must be not less than the negative length of the string");
RETURN_NULL();
}
}
if ((zend_long) str_len <= offset) {
RETURN_FALSE;
php_error_docref(nullptr, E_WARNING, "Offset must be less than the length of the string");
RETURN_NULL();
}
if (length <= 0) {
if (length <= 0 || length > (zend_long)(str_len - offset)) {
length = str_len - offset;
}
/* For BC reasons, the bool $assoc overrides the long $options bit for PHP_JSON_OBJECT_AS_ARRAY */
Expand Down

0 comments on commit d09264e

Please sign in to comment.