diff --git a/UPGRADING b/UPGRADING index 9282941272f..d2985b3e080 100644 --- a/UPGRADING +++ b/UPGRADING @@ -31,6 +31,10 @@ PHP 8.4 UPGRADE NOTES will not affect you. As a result DOMImplementation::createDocument() now has a tentative return type of DOMDocument instead of DOMDocument|false. +- MBString: + . mb_encode_numericentity() and mb_decode_numericentity() now check that + the $map is only composed of integers, if not a ValueError is thrown. + - PDO_DBLIB: . setAttribute, DBLIB_ATTR_STRINGIFY_UNIQUEIDENTIFIER and DBLIB_ATTR_DATETIME_CONVERT have been changed to set value as a bool. diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c index d118e840ba7..c01fbde3e81 100644 --- a/ext/mbstring/mbstring.c +++ b/ext/mbstring/mbstring.c @@ -3878,7 +3878,14 @@ static uint32_t *make_conversion_map(HashTable *target_hash, size_t *conversion_ uint32_t *mapelm = convmap; ZEND_HASH_FOREACH_VAL(target_hash, hash_entry) { - *mapelm++ = zval_get_long(hash_entry); + bool failed = true; + zend_long tmp = zval_try_get_long(hash_entry, &failed); + if (failed) { + efree(convmap); + zend_argument_value_error(2, "must only be composed of values of type int"); + return NULL; + } + *mapelm++ = tmp; } ZEND_HASH_FOREACH_END(); return convmap; diff --git a/ext/mbstring/tests/mb_decode_numericentity.phpt b/ext/mbstring/tests/mb_decode_numericentity.phpt index 4200c7434f3..e5c1c27c7ac 100644 --- a/ext/mbstring/tests/mb_decode_numericentity.phpt +++ b/ext/mbstring/tests/mb_decode_numericentity.phpt 
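Review bot: The check added inside the `ZEND_HASH_FOREACH_VAL` loop verifies that each map entry converts to an integer, but not that it fits the destination: `*mapelm++ = tmp;` narrows a `zend_long` to `uint32_t`, so on 64-bit builds a value above 0xFFFFFFFF is silently reduced modulo 2^32 and the ranges applied can differ from the ones the caller wrote. Because these maps decide which code points get entity-encoded, I would either reject entries that do not fit in 32 bits with a second ValueError or make the wrap explicit, e.g. `*mapelm++ = (uint32_t) tmp; /* wraps modulo 2^32; range is not validated */`. Negative offsets may rely on that wrap, so a range check would have to allow them; this cannot be confirmed from the hunk. As far as I can tell `zval_try_get_long()` is a coercing conversion, so numeric strings and similar entries presumably still pass even though the message says "values of type int", and the new tests only cover a non-numeric string. The start of make_conversion_map(), including the allocation of `convmap`, lies outside the hunk.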
@@ -61,13 +61,6 @@ echo "12: " . bin2hex(mb_decode_numericentity(mb_convert_encoding('�', $convmap = []; echo "13: " . mb_decode_numericentity('föo', $convmap, "UTF-8") . "\n"; -$convmap = array(0x0, 0x2FFFF, 0); // 3 elements -try { - echo "14: " . mb_decode_numericentity($str3, $convmap, "UTF-8") . "\n"; -} catch (ValueError $ex) { - echo "14: " . $ex->getMessage()."\n"; -} - echo "15: " . bin2hex(mb_decode_numericentity('�', [0, 1, 0, 0xFFFF], 'UTF-8')) . "\n"; echo "16: " . bin2hex(mb_decode_numericentity('�', [0, 1, 0, 0xFFFF], 'UTF-8')) . "\n"; @@ -182,7 +175,6 @@ for ($i = 12; $i < 256; $i++) { 11e: � 12: 00bc614e 13: föo -14: mb_decode_numericentity(): Argument #2 ($map) must have a multiple of 4 elements 15: 00 16: 00 17: föo diff --git a/ext/mbstring/tests/mb_decode_numericentity_errors.phpt b/ext/mbstring/tests/mb_decode_numericentity_errors.phpt new file mode 100644 index 00000000000..5c08fec890d --- /dev/null +++ b/ext/mbstring/tests/mb_decode_numericentity_errors.phpt @@ -0,0 +1,23 @@ +--TEST-- +mb_decode_numericentity() map errors +--EXTENSIONS-- +mbstring +--FILE-- +getMessage(), "\n"; +} +try { + $convmap = array(0xFF, "not an int", 0, 0); // 3 elements + echo mb_decode_numericentity('str', $convmap, "UTF-8") . "\n"; +} catch (ValueError $ex) { + echo $ex->getMessage(), "\n"; +} + +?> +--EXPECT-- +mb_decode_numericentity(): Argument #2 ($map) must have a multiple of 4 elements +mb_decode_numericentity(): Argument #2 ($map) must only be composed of values of type int diff --git a/ext/mbstring/tests/mb_encode_numericentity.phpt b/ext/mbstring/tests/mb_encode_numericentity.phpt index 8ab92fbd4c3..a394a58d261 100644 --- a/ext/mbstring/tests/mb_encode_numericentity.phpt +++ b/ext/mbstring/tests/mb_encode_numericentity.phpt 
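Review bot: In the new mb_decode_numericentity_errors.phpt the trailing comment on `$convmap = array(0xFF, "not an int", 0, 0); // 3 elements` is wrong for this case: the array has four elements and the case exercises the non-integer entry, so it looks copied from the element-count case and should read something like `// non-int element`. The same comment appears on the matching line of ext/mbstring/tests/mb_encode_numericentity_errors.phpt. Both files only test a non-numeric string; adding a case with a float or numeric-string entry would document what the new check actually accepts.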
@@ -17,13 +17,6 @@ echo "3: " . mb_encode_numericentity('aŒbœcŠdše€fg', $convmap, "UTF-8") . $convmap = []; echo "4: " . mb_encode_numericentity('föo', $convmap, "UTF-8") . "\n"; -try { - $convmap = array(0xFF, 0x2FFFF, 0); // 3 elements - echo "5: " . mb_encode_numericentity('aŒbœcŠdše€fg', $convmap, "UTF-8") . "\n"; -} catch (ValueError $ex) { - echo "5: " . $ex->getMessage() . "\n"; -} - // HTML-encode a null byte echo "6: " . mb_encode_numericentity("\x00", array(0, 1, 0, 0xFFFF), "UTF-8", false) . "\n"; echo "6 (hex): " . mb_encode_numericentity("\x00", array(0, 1, 0, 0xFFFF), "UTF-8", true) . "\n"; @@ -72,7 +65,6 @@ echo "13: " . mb_encode_numericentity("\xFF", $convmap, "ASCII", true) . "\n"; 2: ƒΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΩαβγδεζηθικλμνξοπρςστυφχψωϑϒϖ•…′″‾⁄℘ℑℜ™ℵ←↑→↓↔↵⇐⇑⇒⇓⇔∀∂∃∅∇∈∉∋∏∑−∗√∝∞∠∧∨∩∪∫∴∼≅≈≠≡≤≥⊂⊃⊄⊆⊇⊕⊗⊥⋅⌈⌉⌊⌋〈〉◊♠♣♥♦ 3: aŒbœcŠdše€fg 4: föo -5: mb_encode_numericentity(): Argument #2 ($map) must have a multiple of 4 elements 6: � 6 (hex): � 7: föo diff --git a/ext/mbstring/tests/mb_encode_numericentity_errors.phpt b/ext/mbstring/tests/mb_encode_numericentity_errors.phpt new file mode 100644 index 00000000000..8b41bb87e0c --- /dev/null +++ b/ext/mbstring/tests/mb_encode_numericentity_errors.phpt @@ -0,0 +1,23 @@ +--TEST-- +mb_encode_numericentity() map errors +--EXTENSIONS-- +mbstring +--FILE-- +getMessage(), "\n"; +} +try { + $convmap = array(0xFF, "not an int", 0, 0); // 3 elements + echo mb_encode_numericentity('str', $convmap, "UTF-8") . "\n"; +} catch (ValueError $ex) { + echo $ex->getMessage(), "\n"; +} + +?> +--EXPECT-- +mb_encode_numericentity(): Argument #2 ($map) must have a multiple of 4 elements +mb_encode_numericentity(): Argument #2 ($map) must only be composed of values of type int