Skip to content

Commit b71d2e1

Browse files
derickrderickr
committedAug 9, 2023
Fix GH-11416: Crash with DatePeriod when uninitialised objects are passed in (PHP 8.2+)
·
security-audit-2024php-8.2.10RC1
1 parent 7f6e98c commit b71d2e1

File tree

3 files changed

+66
-0
lines changed

3 files changed

+66
-0
lines changed
 

‎NEWS

+4
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,10 @@ PHP NEWS
88
. Fixed bug GH-10964 (Improve man page about the built-in server).
99
(Alexandre Daubois)
1010

11+
- Date:
12+
. Fixed bug GH-11416 (Crash with DatePeriod when uninitialised objects are
13+
passed in). (Derick)
14+
1115
- Core:
1216
. Fixed strerror_r detection at configuration time. (Kévin Dunglas)
1317

‎ext/date/php_date.c

+20
Original file line numberDiff line numberDiff line change
@@ -5312,6 +5312,11 @@ static bool php_date_period_initialize_from_hash(php_period_obj *period_obj, Has
53125312
if (Z_TYPE_P(ht_entry) == IS_OBJECT && instanceof_function(Z_OBJCE_P(ht_entry), date_ce_interface)) {
53135313
php_date_obj *date_obj;
53145314
date_obj = Z_PHPDATE_P(ht_entry);
5315+
5316+
if (!date_obj->time) {
5317+
return 0;
5318+
}
5319+
53155320
if (period_obj->start != NULL) {
53165321
timelib_time_dtor(period_obj->start);
53175322
}
@@ -5329,6 +5334,11 @@ static bool php_date_period_initialize_from_hash(php_period_obj *period_obj, Has
53295334
if (Z_TYPE_P(ht_entry) == IS_OBJECT && instanceof_function(Z_OBJCE_P(ht_entry), date_ce_interface)) {
53305335
php_date_obj *date_obj;
53315336
date_obj = Z_PHPDATE_P(ht_entry);
5337+
5338+
if (!date_obj->time) {
5339+
return 0;
5340+
}
5341+
53325342
if (period_obj->end != NULL) {
53335343
timelib_time_dtor(period_obj->end);
53345344
}
@@ -5345,6 +5355,11 @@ static bool php_date_period_initialize_from_hash(php_period_obj *period_obj, Has
53455355
if (Z_TYPE_P(ht_entry) == IS_OBJECT && instanceof_function(Z_OBJCE_P(ht_entry), date_ce_interface)) {
53465356
php_date_obj *date_obj;
53475357
date_obj = Z_PHPDATE_P(ht_entry);
5358+
5359+
if (!date_obj->time) {
5360+
return 0;
5361+
}
5362+
53485363
if (period_obj->current != NULL) {
53495364
timelib_time_dtor(period_obj->current);
53505365
}
@@ -5361,6 +5376,11 @@ static bool php_date_period_initialize_from_hash(php_period_obj *period_obj, Has
53615376
if (Z_TYPE_P(ht_entry) == IS_OBJECT && Z_OBJCE_P(ht_entry) == date_ce_interval) {
53625377
php_interval_obj *interval_obj;
53635378
interval_obj = Z_PHPINTERVAL_P(ht_entry);
5379+
5380+
if (!interval_obj->initialized) {
5381+
return 0;
5382+
}
5383+
53645384
if (period_obj->interval != NULL) {
53655385
timelib_rel_time_dtor(period_obj->interval);
53665386
}

‎ext/date/tests/bug-gh11416.phpt

+42
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ date.timezone=UTC
55
--FILE--
66
<?php
77
$now = new DateTimeImmutable();
8+
$simpleInterval = new DateInterval("P2D");
89

910
$date = (new ReflectionClass(DateTime::class))->newInstanceWithoutConstructor();
1011
try {
@@ -20,9 +21,50 @@ try {
2021
echo get_class($e), ': ', $e->getMessage(), "\n";
2122
}
2223

24+
$date = (new ReflectionClass(DateTime::class))->newInstanceWithoutConstructor();
25+
$dateperiod = (new ReflectionClass(DatePeriod::class))->newInstanceWithoutConstructor();
26+
$dateinterval = (new ReflectionClass(DateInterval::class))->newInstanceWithoutConstructor();
27+
try {
28+
$dateperiod->__unserialize(['start' => $date]);
29+
} catch (Error $e) {
30+
echo get_class($e), ': ', $e->getMessage(), "\n";
31+
}
32+
33+
try {
34+
$dateperiod->__unserialize(['start' => $now, 'end' => $date]);
35+
} catch (Error $e) {
36+
echo get_class($e), ': ', $e->getMessage(), "\n";
37+
}
38+
39+
try {
40+
$dateperiod->__unserialize(['start' => $now, 'end' => $now, 'current' => $date]);
41+
} catch (Error $e) {
42+
echo get_class($e), ': ', $e->getMessage(), "\n";
43+
}
44+
45+
try {
46+
$dateperiod->__unserialize(['start' => $now, 'end' => $now, 'current' => $now, 'interval' => $dateinterval]);
47+
} catch (Error $e) {
48+
echo get_class($e), ': ', $e->getMessage(), "\n";
49+
}
50+
51+
try {
52+
$dateperiod->__unserialize([
53+
'start' => $now, 'end' => $now, 'current' => $now, 'interval' => $simpleInterval,
54+
'recurrences' => 2, 'include_start_date' => true, 'include_end_date' => true,
55+
]);
56+
echo "DatePeriod::__unserialize: SUCCESS\n";
57+
} catch (Error $e) {
58+
echo get_class($e), ': ', $e->getMessage(), "\n";
59+
}
2360
echo "OK\n";
2461
?>
2562
--EXPECT--
2663
Error: The DateTimeInterface object has not been correctly initialized by its constructor
2764
Error: The DateTimeInterface object has not been correctly initialized by its constructor
65+
Error: Invalid serialization data for DatePeriod object
66+
Error: Invalid serialization data for DatePeriod object
67+
Error: Invalid serialization data for DatePeriod object
68+
Error: Invalid serialization data for DatePeriod object
69+
DatePeriod::__unserialize: SUCCESS
2870
OK

0 commit comments

Comments
 (0)
Please sign in to comment.