1/*
2  +----------------------------------------------------------------------+
3  | PHP Version 5                                                        |
4  +----------------------------------------------------------------------+
5  | Copyright (c) 1997-2014 The PHP Group                                |
6  +----------------------------------------------------------------------+
7  | This source file is subject to version 3.01 of the PHP license,      |
8  | that is bundled with this package in the file LICENSE, and is        |
9  | available through the world-wide-web at the following url:           |
10  | http://www.php.net/license/3_01.txt                                  |
11  | If you did not receive a copy of the PHP license and are unable to   |
12  | obtain it through the world-wide-web, please send a note to          |
13  | license@php.net so we can mail you a copy immediately.               |
14  +----------------------------------------------------------------------+
15  | Author: Sascha Schumann <sascha@schumann.cx>                         |
16  +----------------------------------------------------------------------+
17*/
18
19/* $Id$ */
20
21#include "php.h"
22#include "ext/standard/php_var.h"
23#include "php_incomplete_class.h"
24#include "Zend/zend_interfaces.h"
25
26/* {{{ reference-handling for unserializer: var_* */
27#define VAR_ENTRIES_MAX 1024
28#define VAR_ENTRIES_DBG 0
29
30typedef struct {
31    zval *data[VAR_ENTRIES_MAX];
32    long used_slots;
33    void *next;
34} var_entries;
35
36static inline void var_push(php_unserialize_data_t *var_hashx, zval **rval)
37{
38    var_entries *var_hash = (*var_hashx)->last;
39#if VAR_ENTRIES_DBG
40    fprintf(stderr, "var_push(%ld): %d\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(rval));
41#endif
42
43    if (!var_hash || var_hash->used_slots == VAR_ENTRIES_MAX) {
44        var_hash = emalloc(sizeof(var_entries));
45        var_hash->used_slots = 0;
46        var_hash->next = 0;
47
48        if (!(*var_hashx)->first) {
49            (*var_hashx)->first = var_hash;
50        } else {
51            ((var_entries *) (*var_hashx)->last)->next = var_hash;
52        }
53
54        (*var_hashx)->last = var_hash;
55    }
56
57    var_hash->data[var_hash->used_slots++] = *rval;
58}
59
60PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval)
61{
62    var_entries *var_hash;
63
64    if (!var_hashx || !*var_hashx) {
65        return;
66    }
67
68    var_hash = (*var_hashx)->last_dtor;
69#if VAR_ENTRIES_DBG
70    fprintf(stderr, "var_push_dtor(%p, %ld): %d\n", *rval, var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(rval));
71#endif
72
73    if (!var_hash || var_hash->used_slots == VAR_ENTRIES_MAX) {
74        var_hash = emalloc(sizeof(var_entries));
75        var_hash->used_slots = 0;
76        var_hash->next = 0;
77
78        if (!(*var_hashx)->first_dtor) {
79            (*var_hashx)->first_dtor = var_hash;
80        } else {
81            ((var_entries *) (*var_hashx)->last_dtor)->next = var_hash;
82        }
83
84        (*var_hashx)->last_dtor = var_hash;
85    }
86
87    Z_ADDREF_PP(rval);
88    var_hash->data[var_hash->used_slots++] = *rval;
89}
90
91PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval **rval)
92{
93    var_entries *var_hash;
94
95    if (!var_hashx || !*var_hashx) {
96        return;
97    }
98
99    var_hash = (*var_hashx)->last_dtor;
100#if VAR_ENTRIES_DBG
101    fprintf(stderr, "var_push_dtor_no_addref(%p, %ld): %d (%d)\n", *rval, var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(rval), Z_REFCOUNT_PP(rval));
102#endif
103
104    if (!var_hash || var_hash->used_slots == VAR_ENTRIES_MAX) {
105        var_hash = emalloc(sizeof(var_entries));
106        var_hash->used_slots = 0;
107        var_hash->next = 0;
108
109        if (!(*var_hashx)->first_dtor) {
110            (*var_hashx)->first_dtor = var_hash;
111        } else {
112            ((var_entries *) (*var_hashx)->last_dtor)->next = var_hash;
113        }
114
115        (*var_hashx)->last_dtor = var_hash;
116    }
117
118    var_hash->data[var_hash->used_slots++] = *rval;
119}
120
121PHPAPI void var_replace(php_unserialize_data_t *var_hashx, zval *ozval, zval **nzval)
122{
123    long i;
124    var_entries *var_hash = (*var_hashx)->first;
125#if VAR_ENTRIES_DBG
126    fprintf(stderr, "var_replace(%ld): %d\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(nzval));
127#endif
128
129    while (var_hash) {
130        for (i = 0; i < var_hash->used_slots; i++) {
131            if (var_hash->data[i] == ozval) {
132                var_hash->data[i] = *nzval;
133                /* do not break here */
134            }
135        }
136        var_hash = var_hash->next;
137    }
138}
139
140static int var_access(php_unserialize_data_t *var_hashx, long id, zval ***store)
141{
142    var_entries *var_hash = (*var_hashx)->first;
143#if VAR_ENTRIES_DBG
144    fprintf(stderr, "var_access(%ld): %ld\n", var_hash?var_hash->used_slots:-1L, id);
145#endif
146
147    while (id >= VAR_ENTRIES_MAX && var_hash && var_hash->used_slots == VAR_ENTRIES_MAX) {
148        var_hash = var_hash->next;
149        id -= VAR_ENTRIES_MAX;
150    }
151
152    if (!var_hash) return !SUCCESS;
153
154    if (id < 0 || id >= var_hash->used_slots) return !SUCCESS;
155
156    *store = &var_hash->data[id];
157
158    return SUCCESS;
159}
160
161PHPAPI void var_destroy(php_unserialize_data_t *var_hashx)
162{
163    void *next;
164    long i;
165    var_entries *var_hash = (*var_hashx)->first;
166#if VAR_ENTRIES_DBG
167    fprintf(stderr, "var_destroy(%ld)\n", var_hash?var_hash->used_slots:-1L);
168#endif
169
170    while (var_hash) {
171        next = var_hash->next;
172        efree(var_hash);
173        var_hash = next;
174    }
175
176    var_hash = (*var_hashx)->first_dtor;
177
178    while (var_hash) {
179        for (i = 0; i < var_hash->used_slots; i++) {
180#if VAR_ENTRIES_DBG
181    fprintf(stderr, "var_destroy dtor(%p, %ld)\n", var_hash->data[i], Z_REFCOUNT_P(var_hash->data[i]));
182#endif
183            zval_ptr_dtor(&var_hash->data[i]);
184        }
185        next = var_hash->next;
186        efree(var_hash);
187        var_hash = next;
188    }
189}
190
191/* }}} */
192
193static char *unserialize_str(const unsigned char **p, size_t *len, size_t maxlen)
194{
195    size_t i, j;
196    char *str = safe_emalloc(*len, 1, 1);
197    unsigned char *end = *(unsigned char **)p+maxlen;
198
199    if (end < *p) {
200        efree(str);
201        return NULL;
202    }
203
204    for (i = 0; i < *len; i++) {
205        if (*p >= end) {
206            efree(str);
207            return NULL;
208        }
209        if (**p != '\\') {
210            str[i] = (char)**p;
211        } else {
212            unsigned char ch = 0;
213
214            for (j = 0; j < 2; j++) {
215                (*p)++;
216                if (**p >= '0' && **p <= '9') {
217                    ch = (ch << 4) + (**p -'0');
218                } else if (**p >= 'a' && **p <= 'f') {
219                    ch = (ch << 4) + (**p -'a'+10);
220                } else if (**p >= 'A' && **p <= 'F') {
221                    ch = (ch << 4) + (**p -'A'+10);
222                } else {
223                    efree(str);
224                    return NULL;
225                }
226            }
227            str[i] = (char)ch;
228        }
229        (*p)++;
230    }
231    str[i] = 0;
232    *len = i;
233    return str;
234}
235
236#define YYFILL(n) do { } while (0)
237#define YYCTYPE unsigned char
238#define YYCURSOR cursor
239#define YYLIMIT limit
240#define YYMARKER marker
241
242
243/*!re2c
244uiv = [+]? [0-9]+;
245iv = [+-]? [0-9]+;
246nv = [+-]? ([0-9]* "." [0-9]+|[0-9]+ "." [0-9]*);
247nvexp = (iv | nv) [eE] [+-]? iv;
248any = [\000-\377];
249object = [OC];
250*/
251
252
253
254static inline long parse_iv2(const unsigned char *p, const unsigned char **q)
255{
256    char cursor;
257    long result = 0;
258    int neg = 0;
259
260    switch (*p) {
261        case '-':
262            neg++;
263            /* fall-through */
264        case '+':
265            p++;
266    }
267
268    while (1) {
269        cursor = (char)*p;
270        if (cursor >= '0' && cursor <= '9') {
271            result = result * 10 + (size_t)(cursor - (unsigned char)'0');
272        } else {
273            break;
274        }
275        p++;
276    }
277    if (q) *q = p;
278    if (neg) return -result;
279    return result;
280}
281
282static inline long parse_iv(const unsigned char *p)
283{
284    return parse_iv2(p, NULL);
285}
286
287/* no need to check for length - re2c already did */
288static inline size_t parse_uiv(const unsigned char *p)
289{
290    unsigned char cursor;
291    size_t result = 0;
292
293    if (*p == '+') {
294        p++;
295    }
296
297    while (1) {
298        cursor = *p;
299        if (cursor >= '0' && cursor <= '9') {
300            result = result * 10 + (size_t)(cursor - (unsigned char)'0');
301        } else {
302            break;
303        }
304        p++;
305    }
306    return result;
307}
308
309#define UNSERIALIZE_PARAMETER zval **rval, const unsigned char **p, const unsigned char *max, php_unserialize_data_t *var_hash TSRMLS_DC
310#define UNSERIALIZE_PASSTHRU rval, p, max, var_hash TSRMLS_CC
311
312static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long elements, int objprops)
313{
314    while (elements-- > 0) {
315        zval *key, *data, **old_data;
316
317        ALLOC_INIT_ZVAL(key);
318
319        if (!php_var_unserialize(&key, p, max, NULL TSRMLS_CC)) {
320            var_push_dtor_no_addref(var_hash, &key);
321            return 0;
322        }
323
324        if (Z_TYPE_P(key) != IS_LONG && Z_TYPE_P(key) != IS_STRING) {
325            var_push_dtor_no_addref(var_hash, &key);
326            return 0;
327        }
328
329        ALLOC_INIT_ZVAL(data);
330
331        if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) {
332            var_push_dtor_no_addref(var_hash, &key);
333            var_push_dtor_no_addref(var_hash, &data);
334            return 0;
335        }
336
337        if (!objprops) {
338            switch (Z_TYPE_P(key)) {
339            case IS_LONG:
340                if (zend_hash_index_find(ht, Z_LVAL_P(key), (void **)&old_data)==SUCCESS) {
341                    var_push_dtor(var_hash, old_data);
342                }
343                zend_hash_index_update(ht, Z_LVAL_P(key), &data, sizeof(data), NULL);
344                break;
345            case IS_STRING:
346                if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) {
347                    var_push_dtor(var_hash, old_data);
348                }
349                zend_symtable_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL);
350                break;
351            }
352        } else {
353            /* object properties should include no integers */
354            convert_to_string(key);
355            if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) {
356                var_push_dtor(var_hash, old_data);
357            }
358            zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
359                    sizeof data, NULL);
360        }
361        var_push_dtor(var_hash, &data);
362        var_push_dtor_no_addref(var_hash, &key);
363
364        if (elements && *(*p-1) != ';' && *(*p-1) != '}') {
365            (*p)--;
366            return 0;
367        }
368    }
369
370    return 1;
371}
372
373static inline int finish_nested_data(UNSERIALIZE_PARAMETER)
374{
375    if (*((*p)++) == '}')
376        return 1;
377
378#if SOMETHING_NEW_MIGHT_LEAD_TO_CRASH_ENABLE_IF_YOU_ARE_BRAVE
379    zval_ptr_dtor(rval);
380#endif
381    return 0;
382}
383
384static inline int object_custom(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
385{
386    long datalen;
387
388    datalen = parse_iv2((*p) + 2, p);
389
390    (*p) += 2;
391
392    if (datalen < 0 || (max - (*p)) <= datalen) {
393        zend_error(E_WARNING, "Insufficient data for unserializing - %ld required, %ld present", datalen, (long)(max - (*p)));
394        return 0;
395    }
396
397    if (ce->unserialize == NULL) {
398        zend_error(E_WARNING, "Class %s has no unserializer", ce->name);
399        object_init_ex(*rval, ce);
400    } else if (ce->unserialize(rval, ce, (const unsigned char*)*p, datalen, (zend_unserialize_data *)var_hash TSRMLS_CC) != SUCCESS) {
401        return 0;
402    }
403
404    (*p) += datalen;
405
406    return finish_nested_data(UNSERIALIZE_PASSTHRU);
407}
408
409static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
410{
411    long elements;
412
413    elements = parse_iv2((*p) + 2, p);
414
415    (*p) += 2;
416
417    /* The internal class check here is a BC fix only, userspace classes implementing the
418    Serializable interface have eventually an inconsistent behavior at this place when
419    unserialized from a manipulated string. Additionaly the interal classes can possibly
420    crash PHP so they're still disabled here. */
421    if (ce->serialize == NULL || ce->unserialize == zend_user_unserialize || (ZEND_INTERNAL_CLASS != ce->type && ce->create_object == NULL)) {
422        object_init_ex(*rval, ce);
423    } else {
424        /* If this class implements Serializable, it should not land here but in object_custom(). The passed string
425        obviously doesn't descend from the regular serializer. */
426        zend_error(E_WARNING, "Erroneous data format for unserializing '%s'", ce->name);
427        return 0;
428    }
429
430    return elements;
431}
432
433#ifdef PHP_WIN32
434# pragma optimize("", off)
435#endif
436static inline int object_common2(UNSERIALIZE_PARAMETER, long elements)
437{
438    zval *retval_ptr = NULL;
439    zval fname;
440
441    if (Z_TYPE_PP(rval) != IS_OBJECT) {
442        return 0;
443    }
444
445    if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_OBJPROP_PP(rval), elements, 1)) {
446        return 0;
447    }
448
449    if (Z_OBJCE_PP(rval) != PHP_IC_ENTRY &&
450        zend_hash_exists(&Z_OBJCE_PP(rval)->function_table, "__wakeup", sizeof("__wakeup"))) {
451        INIT_PZVAL(&fname);
452        ZVAL_STRINGL(&fname, "__wakeup", sizeof("__wakeup") - 1, 0);
453        BG(serialize_lock)++;
454        call_user_function_ex(CG(function_table), rval, &fname, &retval_ptr, 0, 0, 1, NULL TSRMLS_CC);
455        BG(serialize_lock)--;
456    }
457
458    if (retval_ptr) {
459        zval_ptr_dtor(&retval_ptr);
460    }
461
462    if (EG(exception)) {
463        return 0;
464    }
465
466    return finish_nested_data(UNSERIALIZE_PASSTHRU);
467
468}
469#ifdef PHP_WIN32
470# pragma optimize("", on)
471#endif
472
473PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
474{
475    const unsigned char *cursor, *limit, *marker, *start;
476    zval **rval_ref;
477
478    limit = max;
479    cursor = *p;
480
481    if (YYCURSOR >= YYLIMIT) {
482        return 0;
483    }
484
485    if (var_hash && cursor[0] != 'R') {
486        var_push(var_hash, rval);
487    }
488
489    start = cursor;
490
491
492
493/*!re2c
494
495"R:" iv ";"     {
496    long id;
497
498    *p = YYCURSOR;
499    if (!var_hash) return 0;
500
501    id = parse_iv(start + 2) - 1;
502    if (id == -1 || var_access(var_hash, id, &rval_ref) != SUCCESS) {
503        return 0;
504    }
505
506    if (*rval != NULL) {
507        var_push_dtor_no_addref(var_hash, rval);
508    }
509    *rval = *rval_ref;
510    Z_ADDREF_PP(rval);
511    Z_SET_ISREF_PP(rval);
512
513    return 1;
514}
515
516"r:" iv ";"     {
517    long id;
518
519    *p = YYCURSOR;
520    if (!var_hash) return 0;
521
522    id = parse_iv(start + 2) - 1;
523    if (id == -1 || var_access(var_hash, id, &rval_ref) != SUCCESS) {
524        return 0;
525    }
526
527    if (*rval == *rval_ref) return 0;
528
529    if (*rval != NULL) {
530        var_push_dtor_no_addref(var_hash, rval);
531    }
532    *rval = *rval_ref;
533    Z_ADDREF_PP(rval);
534    Z_UNSET_ISREF_PP(rval);
535
536    return 1;
537}
538
539"N;"    {
540    *p = YYCURSOR;
541    INIT_PZVAL(*rval);
542    ZVAL_NULL(*rval);
543    return 1;
544}
545
546"b:" [01] ";"   {
547    *p = YYCURSOR;
548    INIT_PZVAL(*rval);
549    ZVAL_BOOL(*rval, parse_iv(start + 2));
550    return 1;
551}
552
553"i:" iv ";" {
554#if SIZEOF_LONG == 4
555    int digits = YYCURSOR - start - 3;
556
557    if (start[2] == '-' || start[2] == '+') {
558        digits--;
559    }
560
561    /* Use double for large long values that were serialized on a 64-bit system */
562    if (digits >= MAX_LENGTH_OF_LONG - 1) {
563        if (digits == MAX_LENGTH_OF_LONG - 1) {
564            int cmp = strncmp(YYCURSOR - MAX_LENGTH_OF_LONG, long_min_digits, MAX_LENGTH_OF_LONG - 1);
565
566            if (!(cmp < 0 || (cmp == 0 && start[2] == '-'))) {
567                goto use_double;
568            }
569        } else {
570            goto use_double;
571        }
572    }
573#endif
574    *p = YYCURSOR;
575    INIT_PZVAL(*rval);
576    ZVAL_LONG(*rval, parse_iv(start + 2));
577    return 1;
578}
579
580"d:" ("NAN" | "-"? "INF") ";"   {
581    *p = YYCURSOR;
582    INIT_PZVAL(*rval);
583
584    if (!strncmp(start + 2, "NAN", 3)) {
585        ZVAL_DOUBLE(*rval, php_get_nan());
586    } else if (!strncmp(start + 2, "INF", 3)) {
587        ZVAL_DOUBLE(*rval, php_get_inf());
588    } else if (!strncmp(start + 2, "-INF", 4)) {
589        ZVAL_DOUBLE(*rval, -php_get_inf());
590    }
591
592    return 1;
593}
594
595"d:" (iv | nv | nvexp) ";"  {
596#if SIZEOF_LONG == 4
597use_double:
598#endif
599    *p = YYCURSOR;
600    INIT_PZVAL(*rval);
601    ZVAL_DOUBLE(*rval, zend_strtod((const char *)start + 2, NULL));
602    return 1;
603}
604
605"s:" uiv ":" ["]    {
606    size_t len, maxlen;
607    char *str;
608
609    len = parse_uiv(start + 2);
610    maxlen = max - YYCURSOR;
611    if (maxlen < len) {
612        *p = start + 2;
613        return 0;
614    }
615
616    str = (char*)YYCURSOR;
617
618    YYCURSOR += len;
619
620    if (*(YYCURSOR) != '"') {
621        *p = YYCURSOR;
622        return 0;
623    }
624
625    YYCURSOR += 2;
626    *p = YYCURSOR;
627
628    INIT_PZVAL(*rval);
629    ZVAL_STRINGL(*rval, str, len, 1);
630    return 1;
631}
632
633"S:" uiv ":" ["]    {
634    size_t len, maxlen;
635    char *str;
636
637    len = parse_uiv(start + 2);
638    maxlen = max - YYCURSOR;
639    if (maxlen < len) {
640        *p = start + 2;
641        return 0;
642    }
643
644    if ((str = unserialize_str(&YYCURSOR, &len, maxlen)) == NULL) {
645        return 0;
646    }
647
648    if (*(YYCURSOR) != '"') {
649        efree(str);
650        *p = YYCURSOR;
651        return 0;
652    }
653
654    YYCURSOR += 2;
655    *p = YYCURSOR;
656
657    INIT_PZVAL(*rval);
658    ZVAL_STRINGL(*rval, str, len, 0);
659    return 1;
660}
661
662"a:" uiv ":" "{" {
663    long elements = parse_iv(start + 2);
664    /* use iv() not uiv() in order to check data range */
665    *p = YYCURSOR;
666    if (!var_hash) return 0;
667
668    if (elements < 0) {
669        return 0;
670    }
671
672    INIT_PZVAL(*rval);
673
674    array_init_size(*rval, elements);
675
676    if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_ARRVAL_PP(rval), elements, 0)) {
677        return 0;
678    }
679
680    return finish_nested_data(UNSERIALIZE_PASSTHRU);
681}
682
683"o:" iv ":" ["] {
684    if (!var_hash) return 0;
685
686    INIT_PZVAL(*rval);
687
688    return object_common2(UNSERIALIZE_PASSTHRU,
689            object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR));
690}
691
692object ":" uiv ":" ["]  {
693    size_t len, len2, len3, maxlen;
694    long elements;
695    char *class_name;
696    zend_class_entry *ce;
697    zend_class_entry **pce;
698    int incomplete_class = 0;
699
700    int custom_object = 0;
701
702    zval *user_func;
703    zval *retval_ptr;
704    zval **args[1];
705    zval *arg_func_name;
706
707    if (!var_hash) return 0;
708    if (*start == 'C') {
709        custom_object = 1;
710    }
711
712    INIT_PZVAL(*rval);
713    len2 = len = parse_uiv(start + 2);
714    maxlen = max - YYCURSOR;
715    if (maxlen < len || len == 0) {
716        *p = start + 2;
717        return 0;
718    }
719
720    class_name = (char*)YYCURSOR;
721
722    YYCURSOR += len;
723
724    if (*(YYCURSOR) != '"') {
725        *p = YYCURSOR;
726        return 0;
727    }
728    if (*(YYCURSOR+1) != ':') {
729        *p = YYCURSOR+1;
730        return 0;
731    }
732
733    len3 = strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\177\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\252\253\254\255\256\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377\\");
734    if (len3 != len)
735    {
736        *p = YYCURSOR + len3 - len;
737        return 0;
738    }
739
740    class_name = estrndup(class_name, len);
741
742    do {
743        /* Try to find class directly */
744        BG(serialize_lock)++;
745        if (zend_lookup_class(class_name, len2, &pce TSRMLS_CC) == SUCCESS) {
746            BG(serialize_lock)--;
747            if (EG(exception)) {
748                efree(class_name);
749                return 0;
750            }
751            ce = *pce;
752            break;
753        }
754        BG(serialize_lock)--;
755
756        if (EG(exception)) {
757            efree(class_name);
758            return 0;
759        }
760
761        /* Check for unserialize callback */
762        if ((PG(unserialize_callback_func) == NULL) || (PG(unserialize_callback_func)[0] == '\0')) {
763            incomplete_class = 1;
764            ce = PHP_IC_ENTRY;
765            break;
766        }
767
768        /* Call unserialize callback */
769        MAKE_STD_ZVAL(user_func);
770        ZVAL_STRING(user_func, PG(unserialize_callback_func), 1);
771        args[0] = &arg_func_name;
772        MAKE_STD_ZVAL(arg_func_name);
773        ZVAL_STRING(arg_func_name, class_name, 1);
774        BG(serialize_lock)++;
775        if (call_user_function_ex(CG(function_table), NULL, user_func, &retval_ptr, 1, args, 0, NULL TSRMLS_CC) != SUCCESS) {
776            BG(serialize_lock)--;
777            if (EG(exception)) {
778                efree(class_name);
779                zval_ptr_dtor(&user_func);
780                zval_ptr_dtor(&arg_func_name);
781                return 0;
782            }
783            php_error_docref(NULL TSRMLS_CC, E_WARNING, "defined (%s) but not found", user_func->value.str.val);
784            incomplete_class = 1;
785            ce = PHP_IC_ENTRY;
786            zval_ptr_dtor(&user_func);
787            zval_ptr_dtor(&arg_func_name);
788            break;
789        }
790        BG(serialize_lock)--;
791        if (retval_ptr) {
792            zval_ptr_dtor(&retval_ptr);
793        }
794        if (EG(exception)) {
795            efree(class_name);
796            zval_ptr_dtor(&user_func);
797            zval_ptr_dtor(&arg_func_name);
798            return 0;
799        }
800
801        /* The callback function may have defined the class */
802        if (zend_lookup_class(class_name, len2, &pce TSRMLS_CC) == SUCCESS) {
803            ce = *pce;
804        } else {
805            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Function %s() hasn't defined the class it was called for", user_func->value.str.val);
806            incomplete_class = 1;
807            ce = PHP_IC_ENTRY;
808        }
809
810        zval_ptr_dtor(&user_func);
811        zval_ptr_dtor(&arg_func_name);
812        break;
813    } while (1);
814
815    *p = YYCURSOR;
816
817    if (custom_object) {
818        int ret;
819
820        ret = object_custom(UNSERIALIZE_PASSTHRU, ce);
821
822        if (ret && incomplete_class) {
823            php_store_class_name(*rval, class_name, len2);
824        }
825        efree(class_name);
826        return ret;
827    }
828
829    elements = object_common1(UNSERIALIZE_PASSTHRU, ce);
830
831    if (incomplete_class) {
832        php_store_class_name(*rval, class_name, len2);
833    }
834    efree(class_name);
835
836    return object_common2(UNSERIALIZE_PASSTHRU, elements);
837}
838
839"}" {
840    /* this is the case where we have less data than planned */
841    php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data");
842    return 0; /* not sure if it should be 0 or 1 here? */
843}
844
845any { return 0; }
846
847*/
848
849    return 0;
850}
851