1/*
2  +----------------------------------------------------------------------+
3  | PHP Version 5                                                        |
4  +----------------------------------------------------------------------+
5  | Copyright (c) 1997-2014 The PHP Group                                |
6  +----------------------------------------------------------------------+
7  | This source file is subject to version 3.01 of the PHP license,      |
8  | that is bundled with this package in the file LICENSE, and is        |
9  | available through the world-wide-web at the following url:           |
10  | http://www.php.net/license/3_01.txt                                  |
11  | If you did not receive a copy of the PHP license and are unable to   |
12  | obtain it through the world-wide-web, please send a note to          |
13  | license@php.net so we can mail you a copy immediately.               |
14  +----------------------------------------------------------------------+
15  | Author: Sascha Schumann <sascha@schumann.cx>                         |
16  +----------------------------------------------------------------------+
17*/
18
19/* $Id$ */
20
21#include "php.h"
22#include "ext/standard/php_var.h"
23#include "php_incomplete_class.h"
24
25/* {{{ reference-handling for unserializer: var_* */
26#define VAR_ENTRIES_MAX 1024
27#define VAR_ENTRIES_DBG 0
28
29typedef struct {
30    zval *data[VAR_ENTRIES_MAX];
31    long used_slots;
32    void *next;
33} var_entries;
34
35static inline void var_push(php_unserialize_data_t *var_hashx, zval **rval)
36{
37    var_entries *var_hash = (*var_hashx)->last;
38#if VAR_ENTRIES_DBG
39    fprintf(stderr, "var_push(%ld): %d\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(rval));
40#endif
41
42    if (!var_hash || var_hash->used_slots == VAR_ENTRIES_MAX) {
43        var_hash = emalloc(sizeof(var_entries));
44        var_hash->used_slots = 0;
45        var_hash->next = 0;
46
47        if (!(*var_hashx)->first) {
48            (*var_hashx)->first = var_hash;
49        } else {
50            ((var_entries *) (*var_hashx)->last)->next = var_hash;
51        }
52
53        (*var_hashx)->last = var_hash;
54    }
55
56    var_hash->data[var_hash->used_slots++] = *rval;
57}
58
59PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval)
60{
61    var_entries *var_hash = (*var_hashx)->last_dtor;
62#if VAR_ENTRIES_DBG
63    fprintf(stderr, "var_push_dtor(%ld): %d\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(rval));
64#endif
65
66    if (!var_hash || var_hash->used_slots == VAR_ENTRIES_MAX) {
67        var_hash = emalloc(sizeof(var_entries));
68        var_hash->used_slots = 0;
69        var_hash->next = 0;
70
71        if (!(*var_hashx)->first_dtor) {
72            (*var_hashx)->first_dtor = var_hash;
73        } else {
74            ((var_entries *) (*var_hashx)->last_dtor)->next = var_hash;
75        }
76
77        (*var_hashx)->last_dtor = var_hash;
78    }
79
80    Z_ADDREF_PP(rval);
81    var_hash->data[var_hash->used_slots++] = *rval;
82}
83
84PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval **rval)
85{
86    var_entries *var_hash = (*var_hashx)->last_dtor;
87#if VAR_ENTRIES_DBG
88    fprintf(stderr, "var_push_dtor_no_addref(%ld): %d (%d)\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(rval), Z_REFCOUNT_PP(rval));
89#endif
90
91    if (!var_hash || var_hash->used_slots == VAR_ENTRIES_MAX) {
92        var_hash = emalloc(sizeof(var_entries));
93        var_hash->used_slots = 0;
94        var_hash->next = 0;
95
96        if (!(*var_hashx)->first_dtor) {
97            (*var_hashx)->first_dtor = var_hash;
98        } else {
99            ((var_entries *) (*var_hashx)->last_dtor)->next = var_hash;
100        }
101
102        (*var_hashx)->last_dtor = var_hash;
103    }
104
105    var_hash->data[var_hash->used_slots++] = *rval;
106}
107
108PHPAPI void var_replace(php_unserialize_data_t *var_hashx, zval *ozval, zval **nzval)
109{
110    long i;
111    var_entries *var_hash = (*var_hashx)->first;
112#if VAR_ENTRIES_DBG
113    fprintf(stderr, "var_replace(%ld): %d\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(nzval));
114#endif
115
116    while (var_hash) {
117        for (i = 0; i < var_hash->used_slots; i++) {
118            if (var_hash->data[i] == ozval) {
119                var_hash->data[i] = *nzval;
120                /* do not break here */
121            }
122        }
123        var_hash = var_hash->next;
124    }
125}
126
127static int var_access(php_unserialize_data_t *var_hashx, long id, zval ***store)
128{
129    var_entries *var_hash = (*var_hashx)->first;
130#if VAR_ENTRIES_DBG
131    fprintf(stderr, "var_access(%ld): %ld\n", var_hash?var_hash->used_slots:-1L, id);
132#endif
133
134    while (id >= VAR_ENTRIES_MAX && var_hash && var_hash->used_slots == VAR_ENTRIES_MAX) {
135        var_hash = var_hash->next;
136        id -= VAR_ENTRIES_MAX;
137    }
138
139    if (!var_hash) return !SUCCESS;
140
141    if (id < 0 || id >= var_hash->used_slots) return !SUCCESS;
142
143    *store = &var_hash->data[id];
144
145    return SUCCESS;
146}
147
148PHPAPI void var_destroy(php_unserialize_data_t *var_hashx)
149{
150    void *next;
151    long i;
152    var_entries *var_hash = (*var_hashx)->first;
153#if VAR_ENTRIES_DBG
154    fprintf(stderr, "var_destroy(%ld)\n", var_hash?var_hash->used_slots:-1L);
155#endif
156
157    while (var_hash) {
158        next = var_hash->next;
159        efree(var_hash);
160        var_hash = next;
161    }
162
163    var_hash = (*var_hashx)->first_dtor;
164
165    while (var_hash) {
166        for (i = 0; i < var_hash->used_slots; i++) {
167            zval_ptr_dtor(&var_hash->data[i]);
168        }
169        next = var_hash->next;
170        efree(var_hash);
171        var_hash = next;
172    }
173}
174
175/* }}} */
176
177static char *unserialize_str(const unsigned char **p, size_t *len, size_t maxlen)
178{
179    size_t i, j;
180    char *str = safe_emalloc(*len, 1, 1);
181    unsigned char *end = *(unsigned char **)p+maxlen;
182
183    if (end < *p) {
184        efree(str);
185        return NULL;
186    }
187
188    for (i = 0; i < *len; i++) {
189        if (*p >= end) {
190            efree(str);
191            return NULL;
192        }
193        if (**p != '\\') {
194            str[i] = (char)**p;
195        } else {
196            unsigned char ch = 0;
197
198            for (j = 0; j < 2; j++) {
199                (*p)++;
200                if (**p >= '0' && **p <= '9') {
201                    ch = (ch << 4) + (**p -'0');
202                } else if (**p >= 'a' && **p <= 'f') {
203                    ch = (ch << 4) + (**p -'a'+10);
204                } else if (**p >= 'A' && **p <= 'F') {
205                    ch = (ch << 4) + (**p -'A'+10);
206                } else {
207                    efree(str);
208                    return NULL;
209                }
210            }
211            str[i] = (char)ch;
212        }
213        (*p)++;
214    }
215    str[i] = 0;
216    *len = i;
217    return str;
218}
219
220#define YYFILL(n) do { } while (0)
221#define YYCTYPE unsigned char
222#define YYCURSOR cursor
223#define YYLIMIT limit
224#define YYMARKER marker
225
226
227/*!re2c
228uiv = [+]? [0-9]+;
229iv = [+-]? [0-9]+;
230nv = [+-]? ([0-9]* "." [0-9]+|[0-9]+ "." [0-9]*);
231nvexp = (iv | nv) [eE] [+-]? iv;
232any = [\000-\377];
233object = [OC];
234*/
235
236
237
238static inline long parse_iv2(const unsigned char *p, const unsigned char **q)
239{
240    char cursor;
241    long result = 0;
242    int neg = 0;
243
244    switch (*p) {
245        case '-':
246            neg++;
247            /* fall-through */
248        case '+':
249            p++;
250    }
251
252    while (1) {
253        cursor = (char)*p;
254        if (cursor >= '0' && cursor <= '9') {
255            result = result * 10 + (size_t)(cursor - (unsigned char)'0');
256        } else {
257            break;
258        }
259        p++;
260    }
261    if (q) *q = p;
262    if (neg) return -result;
263    return result;
264}
265
266static inline long parse_iv(const unsigned char *p)
267{
268    return parse_iv2(p, NULL);
269}
270
271/* no need to check for length - re2c already did */
272static inline size_t parse_uiv(const unsigned char *p)
273{
274    unsigned char cursor;
275    size_t result = 0;
276
277    if (*p == '+') {
278        p++;
279    }
280
281    while (1) {
282        cursor = *p;
283        if (cursor >= '0' && cursor <= '9') {
284            result = result * 10 + (size_t)(cursor - (unsigned char)'0');
285        } else {
286            break;
287        }
288        p++;
289    }
290    return result;
291}
292
293#define UNSERIALIZE_PARAMETER zval **rval, const unsigned char **p, const unsigned char *max, php_unserialize_data_t *var_hash TSRMLS_DC
294#define UNSERIALIZE_PASSTHRU rval, p, max, var_hash TSRMLS_CC
295
296static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long elements, int objprops)
297{
298    while (elements-- > 0) {
299        zval *key, *data, **old_data;
300
301        ALLOC_INIT_ZVAL(key);
302
303        if (!php_var_unserialize(&key, p, max, NULL TSRMLS_CC)) {
304            zval_dtor(key);
305            FREE_ZVAL(key);
306            return 0;
307        }
308
309        if (Z_TYPE_P(key) != IS_LONG && Z_TYPE_P(key) != IS_STRING) {
310            zval_dtor(key);
311            FREE_ZVAL(key);
312            return 0;
313        }
314
315        ALLOC_INIT_ZVAL(data);
316
317        if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) {
318            zval_dtor(key);
319            FREE_ZVAL(key);
320            zval_dtor(data);
321            FREE_ZVAL(data);
322            return 0;
323        }
324
325        if (!objprops) {
326            switch (Z_TYPE_P(key)) {
327            case IS_LONG:
328                if (zend_hash_index_find(ht, Z_LVAL_P(key), (void **)&old_data)==SUCCESS) {
329                    var_push_dtor(var_hash, old_data);
330                }
331                zend_hash_index_update(ht, Z_LVAL_P(key), &data, sizeof(data), NULL);
332                break;
333            case IS_STRING:
334                if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) {
335                    var_push_dtor(var_hash, old_data);
336                }
337                zend_symtable_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL);
338                break;
339            }
340        } else {
341            /* object properties should include no integers */
342            convert_to_string(key);
343            zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
344                    sizeof data, NULL);
345        }
346
347        zval_dtor(key);
348        FREE_ZVAL(key);
349
350        if (elements && *(*p-1) != ';' && *(*p-1) != '}') {
351            (*p)--;
352            return 0;
353        }
354    }
355
356    return 1;
357}
358
359static inline int finish_nested_data(UNSERIALIZE_PARAMETER)
360{
361    if (*((*p)++) == '}')
362        return 1;
363
364#if SOMETHING_NEW_MIGHT_LEAD_TO_CRASH_ENABLE_IF_YOU_ARE_BRAVE
365    zval_ptr_dtor(rval);
366#endif
367    return 0;
368}
369
370static inline int object_custom(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
371{
372    long datalen;
373
374    datalen = parse_iv2((*p) + 2, p);
375
376    (*p) += 2;
377
378    if (datalen < 0 || (max - (*p)) <= datalen) {
379        zend_error(E_WARNING, "Insufficient data for unserializing - %ld required, %ld present", datalen, (long)(max - (*p)));
380        return 0;
381    }
382
383    if (ce->unserialize == NULL) {
384        zend_error(E_WARNING, "Class %s has no unserializer", ce->name);
385        object_init_ex(*rval, ce);
386    } else if (ce->unserialize(rval, ce, (const unsigned char*)*p, datalen, (zend_unserialize_data *)var_hash TSRMLS_CC) != SUCCESS) {
387        return 0;
388    }
389
390    (*p) += datalen;
391
392    return finish_nested_data(UNSERIALIZE_PASSTHRU);
393}
394
395static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
396{
397    long elements;
398
399    elements = parse_iv2((*p) + 2, p);
400
401    (*p) += 2;
402
403    if (ce->serialize == NULL) {
404        object_init_ex(*rval, ce);
405    } else {
406        /* If this class implements Serializable, it should not land here but in object_custom(). The passed string
407        obviously doesn't descend from the regular serializer. */
408        zend_error(E_WARNING, "Erroneous data format for unserializing '%s'", ce->name);
409        return 0;
410    }
411
412    return elements;
413}
414
415#ifdef PHP_WIN32
416# pragma optimize("", off)
417#endif
418static inline int object_common2(UNSERIALIZE_PARAMETER, long elements)
419{
420    zval *retval_ptr = NULL;
421    zval fname;
422
423    if (Z_TYPE_PP(rval) != IS_OBJECT) {
424        return 0;
425    }
426
427    if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_OBJPROP_PP(rval), elements, 1)) {
428        return 0;
429    }
430
431    if (Z_OBJCE_PP(rval) != PHP_IC_ENTRY &&
432        zend_hash_exists(&Z_OBJCE_PP(rval)->function_table, "__wakeup", sizeof("__wakeup"))) {
433        INIT_PZVAL(&fname);
434        ZVAL_STRINGL(&fname, "__wakeup", sizeof("__wakeup") - 1, 0);
435        BG(serialize_lock)++;
436        call_user_function_ex(CG(function_table), rval, &fname, &retval_ptr, 0, 0, 1, NULL TSRMLS_CC);
437        BG(serialize_lock)--;
438    }
439
440    if (retval_ptr) {
441        zval_ptr_dtor(&retval_ptr);
442    }
443
444    if (EG(exception)) {
445        return 0;
446    }
447
448    return finish_nested_data(UNSERIALIZE_PASSTHRU);
449
450}
451#ifdef PHP_WIN32
452# pragma optimize("", on)
453#endif
454
455PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
456{
457    const unsigned char *cursor, *limit, *marker, *start;
458    zval **rval_ref;
459
460    limit = max;
461    cursor = *p;
462
463    if (YYCURSOR >= YYLIMIT) {
464        return 0;
465    }
466
467    if (var_hash && cursor[0] != 'R') {
468        var_push(var_hash, rval);
469    }
470
471    start = cursor;
472
473
474
475/*!re2c
476
477"R:" iv ";"     {
478    long id;
479
480    *p = YYCURSOR;
481    if (!var_hash) return 0;
482
483    id = parse_iv(start + 2) - 1;
484    if (id == -1 || var_access(var_hash, id, &rval_ref) != SUCCESS) {
485        return 0;
486    }
487
488    if (*rval != NULL) {
489        zval_ptr_dtor(rval);
490    }
491    *rval = *rval_ref;
492    Z_ADDREF_PP(rval);
493    Z_SET_ISREF_PP(rval);
494
495    return 1;
496}
497
498"r:" iv ";"     {
499    long id;
500
501    *p = YYCURSOR;
502    if (!var_hash) return 0;
503
504    id = parse_iv(start + 2) - 1;
505    if (id == -1 || var_access(var_hash, id, &rval_ref) != SUCCESS) {
506        return 0;
507    }
508
509    if (*rval == *rval_ref) return 0;
510
511    if (*rval != NULL) {
512        var_push_dtor_no_addref(var_hash, rval);
513    }
514    *rval = *rval_ref;
515    Z_ADDREF_PP(rval);
516    Z_UNSET_ISREF_PP(rval);
517
518    return 1;
519}
520
521"N;"    {
522    *p = YYCURSOR;
523    INIT_PZVAL(*rval);
524    ZVAL_NULL(*rval);
525    return 1;
526}
527
528"b:" [01] ";"   {
529    *p = YYCURSOR;
530    INIT_PZVAL(*rval);
531    ZVAL_BOOL(*rval, parse_iv(start + 2));
532    return 1;
533}
534
535"i:" iv ";" {
536#if SIZEOF_LONG == 4
537    int digits = YYCURSOR - start - 3;
538
539    if (start[2] == '-' || start[2] == '+') {
540        digits--;
541    }
542
543    /* Use double for large long values that were serialized on a 64-bit system */
544    if (digits >= MAX_LENGTH_OF_LONG - 1) {
545        if (digits == MAX_LENGTH_OF_LONG - 1) {
546            int cmp = strncmp(YYCURSOR - MAX_LENGTH_OF_LONG, long_min_digits, MAX_LENGTH_OF_LONG - 1);
547
548            if (!(cmp < 0 || (cmp == 0 && start[2] == '-'))) {
549                goto use_double;
550            }
551        } else {
552            goto use_double;
553        }
554    }
555#endif
556    *p = YYCURSOR;
557    INIT_PZVAL(*rval);
558    ZVAL_LONG(*rval, parse_iv(start + 2));
559    return 1;
560}
561
562"d:" ("NAN" | "-"? "INF") ";"   {
563    *p = YYCURSOR;
564    INIT_PZVAL(*rval);
565
566    if (!strncmp(start + 2, "NAN", 3)) {
567        ZVAL_DOUBLE(*rval, php_get_nan());
568    } else if (!strncmp(start + 2, "INF", 3)) {
569        ZVAL_DOUBLE(*rval, php_get_inf());
570    } else if (!strncmp(start + 2, "-INF", 4)) {
571        ZVAL_DOUBLE(*rval, -php_get_inf());
572    }
573
574    return 1;
575}
576
577"d:" (iv | nv | nvexp) ";"  {
578#if SIZEOF_LONG == 4
579use_double:
580#endif
581    *p = YYCURSOR;
582    INIT_PZVAL(*rval);
583    ZVAL_DOUBLE(*rval, zend_strtod((const char *)start + 2, NULL));
584    return 1;
585}
586
587"s:" uiv ":" ["]    {
588    size_t len, maxlen;
589    char *str;
590
591    len = parse_uiv(start + 2);
592    maxlen = max - YYCURSOR;
593    if (maxlen < len) {
594        *p = start + 2;
595        return 0;
596    }
597
598    str = (char*)YYCURSOR;
599
600    YYCURSOR += len;
601
602    if (*(YYCURSOR) != '"') {
603        *p = YYCURSOR;
604        return 0;
605    }
606
607    YYCURSOR += 2;
608    *p = YYCURSOR;
609
610    INIT_PZVAL(*rval);
611    ZVAL_STRINGL(*rval, str, len, 1);
612    return 1;
613}
614
615"S:" uiv ":" ["]    {
616    size_t len, maxlen;
617    char *str;
618
619    len = parse_uiv(start + 2);
620    maxlen = max - YYCURSOR;
621    if (maxlen < len) {
622        *p = start + 2;
623        return 0;
624    }
625
626    if ((str = unserialize_str(&YYCURSOR, &len, maxlen)) == NULL) {
627        return 0;
628    }
629
630    if (*(YYCURSOR) != '"') {
631        efree(str);
632        *p = YYCURSOR;
633        return 0;
634    }
635
636    YYCURSOR += 2;
637    *p = YYCURSOR;
638
639    INIT_PZVAL(*rval);
640    ZVAL_STRINGL(*rval, str, len, 0);
641    return 1;
642}
643
644"a:" uiv ":" "{" {
645    long elements = parse_iv(start + 2);
646    /* use iv() not uiv() in order to check data range */
647    *p = YYCURSOR;
648
649    if (elements < 0) {
650        return 0;
651    }
652
653    INIT_PZVAL(*rval);
654
655    array_init_size(*rval, elements);
656
657    if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_ARRVAL_PP(rval), elements, 0)) {
658        return 0;
659    }
660
661    return finish_nested_data(UNSERIALIZE_PASSTHRU);
662}
663
664"o:" iv ":" ["] {
665
666    INIT_PZVAL(*rval);
667
668    return object_common2(UNSERIALIZE_PASSTHRU,
669            object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR));
670}
671
672object ":" uiv ":" ["]  {
673    size_t len, len2, len3, maxlen;
674    long elements;
675    char *class_name;
676    zend_class_entry *ce;
677    zend_class_entry **pce;
678    int incomplete_class = 0;
679
680    int custom_object = 0;
681
682    zval *user_func;
683    zval *retval_ptr;
684    zval **args[1];
685    zval *arg_func_name;
686
687    if (*start == 'C') {
688        custom_object = 1;
689    }
690
691    INIT_PZVAL(*rval);
692    len2 = len = parse_uiv(start + 2);
693    maxlen = max - YYCURSOR;
694    if (maxlen < len || len == 0) {
695        *p = start + 2;
696        return 0;
697    }
698
699    class_name = (char*)YYCURSOR;
700
701    YYCURSOR += len;
702
703    if (*(YYCURSOR) != '"') {
704        *p = YYCURSOR;
705        return 0;
706    }
707    if (*(YYCURSOR+1) != ':') {
708        *p = YYCURSOR+1;
709        return 0;
710    }
711
712    len3 = strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\177\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\252\253\254\255\256\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377\\");
713    if (len3 != len)
714    {
715        *p = YYCURSOR + len3 - len;
716        return 0;
717    }
718
719    class_name = estrndup(class_name, len);
720
721    do {
722        /* Try to find class directly */
723        BG(serialize_lock)++;
724        if (zend_lookup_class(class_name, len2, &pce TSRMLS_CC) == SUCCESS) {
725            BG(serialize_lock)--;
726            if (EG(exception)) {
727                efree(class_name);
728                return 0;
729            }
730            ce = *pce;
731            break;
732        }
733        BG(serialize_lock)--;
734
735        if (EG(exception)) {
736            efree(class_name);
737            return 0;
738        }
739
740        /* Check for unserialize callback */
741        if ((PG(unserialize_callback_func) == NULL) || (PG(unserialize_callback_func)[0] == '\0')) {
742            incomplete_class = 1;
743            ce = PHP_IC_ENTRY;
744            break;
745        }
746
747        /* Call unserialize callback */
748        MAKE_STD_ZVAL(user_func);
749        ZVAL_STRING(user_func, PG(unserialize_callback_func), 1);
750        args[0] = &arg_func_name;
751        MAKE_STD_ZVAL(arg_func_name);
752        ZVAL_STRING(arg_func_name, class_name, 1);
753        BG(serialize_lock)++;
754        if (call_user_function_ex(CG(function_table), NULL, user_func, &retval_ptr, 1, args, 0, NULL TSRMLS_CC) != SUCCESS) {
755            BG(serialize_lock)--;
756            if (EG(exception)) {
757                efree(class_name);
758                zval_ptr_dtor(&user_func);
759                zval_ptr_dtor(&arg_func_name);
760                return 0;
761            }
762            php_error_docref(NULL TSRMLS_CC, E_WARNING, "defined (%s) but not found", user_func->value.str.val);
763            incomplete_class = 1;
764            ce = PHP_IC_ENTRY;
765            zval_ptr_dtor(&user_func);
766            zval_ptr_dtor(&arg_func_name);
767            break;
768        }
769        BG(serialize_lock)--;
770        if (retval_ptr) {
771            zval_ptr_dtor(&retval_ptr);
772        }
773        if (EG(exception)) {
774            efree(class_name);
775            zval_ptr_dtor(&user_func);
776            zval_ptr_dtor(&arg_func_name);
777            return 0;
778        }
779
780        /* The callback function may have defined the class */
781        if (zend_lookup_class(class_name, len2, &pce TSRMLS_CC) == SUCCESS) {
782            ce = *pce;
783        } else {
784            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Function %s() hasn't defined the class it was called for", user_func->value.str.val);
785            incomplete_class = 1;
786            ce = PHP_IC_ENTRY;
787        }
788
789        zval_ptr_dtor(&user_func);
790        zval_ptr_dtor(&arg_func_name);
791        break;
792    } while (1);
793
794    *p = YYCURSOR;
795
796    if (custom_object) {
797        int ret;
798
799        ret = object_custom(UNSERIALIZE_PASSTHRU, ce);
800
801        if (ret && incomplete_class) {
802            php_store_class_name(*rval, class_name, len2);
803        }
804        efree(class_name);
805        return ret;
806    }
807
808    elements = object_common1(UNSERIALIZE_PASSTHRU, ce);
809
810    if (incomplete_class) {
811        php_store_class_name(*rval, class_name, len2);
812    }
813    efree(class_name);
814
815    return object_common2(UNSERIALIZE_PASSTHRU, elements);
816}
817
818"}" {
819    /* this is the case where we have less data than planned */
820    php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data");
821    return 0; /* not sure if it should be 0 or 1 here? */
822}
823
824any { return 0; }
825
826*/
827
828    return 0;
829}
830