Imported Upstream version 5.1.1upstream/5.1.1

3 files changed, 36 insertions, 20 deletions

diff --git a/ext/ctype/ctype.c b/ext/ctype/ctype.c
index 78f6d293e..506abc561 100644
--- a/ext/ctype/ctype.c
+++ b/ext/ctype/ctype.c
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2004 The PHP Group                                |
+   | Copyright (c) 1997-2005 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.0 of the PHP license,       |
    | that is bundled with this package in the file LICENSE, and is        |
@@ -92,34 +92,39 @@ PHP_MINFO_FUNCTION(ctype)
 /* {{{ ctype
  */
 #define CTYPE(iswhat) \
-	zval *c; \
+	zval *c, tmp; \
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &c) == FAILURE) \
 		return; \
- 	switch (Z_TYPE_P(c)) { \
-	case IS_LONG: \
+	if (Z_TYPE_P(c) == IS_LONG) { \
 		if (Z_LVAL_P(c) <= 255 && Z_LVAL_P(c) >= 0) { \
 			RETURN_BOOL(iswhat(Z_LVAL_P(c))); \
 		} else if (Z_LVAL_P(c) >= -128 && Z_LVAL_P(c) < 0) { \
 			RETURN_BOOL(iswhat(Z_LVAL_P(c) + 256)); \
 		} \
-		SEPARATE_ZVAL(&c);	\
-		convert_to_string(c);	\
-	case IS_STRING: \
-		{ \
-			char *p; \
-			int n, len; \
-			p=Z_STRVAL_P(c); \
-			len = Z_STRLEN_P(c); \
-			for(n=0;n<len;n++) { \
-				if(!iswhat((int)*(unsigned char *)(p++))) RETURN_FALSE; \
+		tmp = *c; \
+		zval_copy_ctor(&tmp); \
+		convert_to_string(&tmp); \
+	} else { \
+		tmp = *c; \
+	} \
+	if (Z_TYPE(tmp) == IS_STRING) { \
+		char *p = Z_STRVAL(tmp), *e = Z_STRVAL(tmp) + Z_STRLEN(tmp); \
+		if (e == p) {	\
+			if (Z_TYPE_P(c) == IS_LONG) zval_dtor(&tmp); \
+			RETURN_FALSE;	\
+		}	\
+		while (p < e) { \
+			if(!iswhat((int)*(unsigned char *)(p++))) { \
+				if (Z_TYPE_P(c) == IS_LONG) zval_dtor(&tmp); \
+				RETURN_FALSE; \
 			} \
-			RETURN_TRUE; \
 		} \
-	default: \
-		break; \
+		if (Z_TYPE_P(c) == IS_LONG) zval_dtor(&tmp); \
+		RETURN_TRUE; \
+	} else { \
+		RETURN_FALSE; \
 	} \
-	RETURN_FALSE; 
- 
+
 /* }}} */
 
 /* {{{ proto bool ctype_alnum(mixed c)
diff --git a/ext/ctype/php_ctype.h b/ext/ctype/php_ctype.h
index 12b5e9008..0e12c9389 100644
--- a/ext/ctype/php_ctype.h
+++ b/ext/ctype/php_ctype.h
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2004 The PHP Group                                |
+   | Copyright (c) 1997-2005 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.0 of the PHP license,       |
    | that is bundled with this package in the file LICENSE, and is        |
diff --git a/ext/ctype/tests/bug34645.phpt b/ext/ctype/tests/bug34645.phpt
new file mode 100644
index 000000000..412c8c992
--- /dev/null
+++ b/ext/ctype/tests/bug34645.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #34645 (ctype corrupts memory when validating large numbers)
+--FILE--
+<?php
+$id = 394829384;
+var_dump(ctype_digit($id));
+var_dump($id);
+?>
+--EXPECT--
+bool(true)
+int(394829384)