1/*
2  +----------------------------------------------------------------------+
3  | PHP Version 5                                                        |
4  +----------------------------------------------------------------------+
5  | Copyright (c) 1997-2015 The PHP Group                                |
6  +----------------------------------------------------------------------+
7  | This source file is subject to version 3.01 of the PHP license,      |
8  | that is bundled with this package in the file LICENSE, and is        |
9  | available through the world-wide-web at the following url:           |
10  | http://www.php.net/license/3_01.txt                                  |
11  | If you did not receive a copy of the PHP license and are unable to   |
12  | obtain it through the world-wide-web, please send a note to          |
13  | license@php.net so we can mail you a copy immediately.               |
14  +----------------------------------------------------------------------+
15  | Author: Sascha Schumann <sascha@schumann.cx>                         |
16  +----------------------------------------------------------------------+
17*/
18
19/* $Id$ */
20
21#include "php.h"
22#include "ext/standard/php_var.h"
23#include "php_incomplete_class.h"
24
25/* {{{ reference-handling for unserializer: var_* */
26#define VAR_ENTRIES_MAX 1024
27#define VAR_ENTRIES_DBG 0
28
29typedef struct {
30    zval *data[VAR_ENTRIES_MAX];
31    long used_slots;
32    void *next;
33} var_entries;
34
35static inline void var_push(php_unserialize_data_t *var_hashx, zval **rval)
36{
37    var_entries *var_hash = (*var_hashx)->last;
38#if VAR_ENTRIES_DBG
39    fprintf(stderr, "var_push(%ld): %d\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(rval));
40#endif
41
42    if (!var_hash || var_hash->used_slots == VAR_ENTRIES_MAX) {
43        var_hash = emalloc(sizeof(var_entries));
44        var_hash->used_slots = 0;
45        var_hash->next = 0;
46
47        if (!(*var_hashx)->first) {
48            (*var_hashx)->first = var_hash;
49        } else {
50            ((var_entries *) (*var_hashx)->last)->next = var_hash;
51        }
52
53        (*var_hashx)->last = var_hash;
54    }
55
56    var_hash->data[var_hash->used_slots++] = *rval;
57}
58
59PHPAPI void var_push_dtor(php_unserialize_data_t *var_hashx, zval **rval)
60{
61    var_entries *var_hash;
62
63    if (!var_hashx || !*var_hashx) {
64        return;
65    }
66
67    var_hash = (*var_hashx)->last_dtor;
68#if VAR_ENTRIES_DBG
69    fprintf(stderr, "var_push_dtor(%ld): %d\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(rval));
70#endif
71
72    if (!var_hash || var_hash->used_slots == VAR_ENTRIES_MAX) {
73        var_hash = emalloc(sizeof(var_entries));
74        var_hash->used_slots = 0;
75        var_hash->next = 0;
76
77        if (!(*var_hashx)->first_dtor) {
78            (*var_hashx)->first_dtor = var_hash;
79        } else {
80            ((var_entries *) (*var_hashx)->last_dtor)->next = var_hash;
81        }
82
83        (*var_hashx)->last_dtor = var_hash;
84    }
85
86    Z_ADDREF_PP(rval);
87    var_hash->data[var_hash->used_slots++] = *rval;
88}
89
90PHPAPI void var_push_dtor_no_addref(php_unserialize_data_t *var_hashx, zval **rval)
91{
92    var_entries *var_hash = (*var_hashx)->last_dtor;
93#if VAR_ENTRIES_DBG
94    fprintf(stderr, "var_push_dtor_no_addref(%ld): %d (%d)\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(rval), Z_REFCOUNT_PP(rval));
95#endif
96
97    if (!var_hash || var_hash->used_slots == VAR_ENTRIES_MAX) {
98        var_hash = emalloc(sizeof(var_entries));
99        var_hash->used_slots = 0;
100        var_hash->next = 0;
101
102        if (!(*var_hashx)->first_dtor) {
103            (*var_hashx)->first_dtor = var_hash;
104        } else {
105            ((var_entries *) (*var_hashx)->last_dtor)->next = var_hash;
106        }
107
108        (*var_hashx)->last_dtor = var_hash;
109    }
110
111    var_hash->data[var_hash->used_slots++] = *rval;
112}
113
114PHPAPI void var_replace(php_unserialize_data_t *var_hashx, zval *ozval, zval **nzval)
115{
116    long i;
117    var_entries *var_hash = (*var_hashx)->first;
118#if VAR_ENTRIES_DBG
119    fprintf(stderr, "var_replace(%ld): %d\n", var_hash?var_hash->used_slots:-1L, Z_TYPE_PP(nzval));
120#endif
121
122    while (var_hash) {
123        for (i = 0; i < var_hash->used_slots; i++) {
124            if (var_hash->data[i] == ozval) {
125                var_hash->data[i] = *nzval;
126                /* do not break here */
127            }
128        }
129        var_hash = var_hash->next;
130    }
131}
132
133static int var_access(php_unserialize_data_t *var_hashx, long id, zval ***store)
134{
135    var_entries *var_hash = (*var_hashx)->first;
136#if VAR_ENTRIES_DBG
137    fprintf(stderr, "var_access(%ld): %ld\n", var_hash?var_hash->used_slots:-1L, id);
138#endif
139
140    while (id >= VAR_ENTRIES_MAX && var_hash && var_hash->used_slots == VAR_ENTRIES_MAX) {
141        var_hash = var_hash->next;
142        id -= VAR_ENTRIES_MAX;
143    }
144
145    if (!var_hash) return !SUCCESS;
146
147    if (id < 0 || id >= var_hash->used_slots) return !SUCCESS;
148
149    *store = &var_hash->data[id];
150
151    return SUCCESS;
152}
153
154PHPAPI void var_destroy(php_unserialize_data_t *var_hashx)
155{
156    void *next;
157    long i;
158    var_entries *var_hash = (*var_hashx)->first;
159#if VAR_ENTRIES_DBG
160    fprintf(stderr, "var_destroy(%ld)\n", var_hash?var_hash->used_slots:-1L);
161#endif
162
163    while (var_hash) {
164        next = var_hash->next;
165        efree(var_hash);
166        var_hash = next;
167    }
168
169    var_hash = (*var_hashx)->first_dtor;
170
171    while (var_hash) {
172        for (i = 0; i < var_hash->used_slots; i++) {
173            zval_ptr_dtor(&var_hash->data[i]);
174        }
175        next = var_hash->next;
176        efree(var_hash);
177        var_hash = next;
178    }
179}
180
181/* }}} */
182
183static char *unserialize_str(const unsigned char **p, size_t *len, size_t maxlen)
184{
185    size_t i, j;
186    char *str = safe_emalloc(*len, 1, 1);
187    unsigned char *end = *(unsigned char **)p+maxlen;
188
189    if (end < *p) {
190        efree(str);
191        return NULL;
192    }
193
194    for (i = 0; i < *len; i++) {
195        if (*p >= end) {
196            efree(str);
197            return NULL;
198        }
199        if (**p != '\\') {
200            str[i] = (char)**p;
201        } else {
202            unsigned char ch = 0;
203
204            for (j = 0; j < 2; j++) {
205                (*p)++;
206                if (**p >= '0' && **p <= '9') {
207                    ch = (ch << 4) + (**p -'0');
208                } else if (**p >= 'a' && **p <= 'f') {
209                    ch = (ch << 4) + (**p -'a'+10);
210                } else if (**p >= 'A' && **p <= 'F') {
211                    ch = (ch << 4) + (**p -'A'+10);
212                } else {
213                    efree(str);
214                    return NULL;
215                }
216            }
217            str[i] = (char)ch;
218        }
219        (*p)++;
220    }
221    str[i] = 0;
222    *len = i;
223    return str;
224}
225
226#define YYFILL(n) do { } while (0)
227#define YYCTYPE unsigned char
228#define YYCURSOR cursor
229#define YYLIMIT limit
230#define YYMARKER marker
231
232
233/*!re2c
234uiv = [+]? [0-9]+;
235iv = [+-]? [0-9]+;
236nv = [+-]? ([0-9]* "." [0-9]+|[0-9]+ "." [0-9]*);
237nvexp = (iv | nv) [eE] [+-]? iv;
238any = [\000-\377];
239object = [OC];
240*/
241
242
243
244static inline long parse_iv2(const unsigned char *p, const unsigned char **q)
245{
246    char cursor;
247    long result = 0;
248    int neg = 0;
249
250    switch (*p) {
251        case '-':
252            neg++;
253            /* fall-through */
254        case '+':
255            p++;
256    }
257
258    while (1) {
259        cursor = (char)*p;
260        if (cursor >= '0' && cursor <= '9') {
261            result = result * 10 + (size_t)(cursor - (unsigned char)'0');
262        } else {
263            break;
264        }
265        p++;
266    }
267    if (q) *q = p;
268    if (neg) return -result;
269    return result;
270}
271
272static inline long parse_iv(const unsigned char *p)
273{
274    return parse_iv2(p, NULL);
275}
276
277/* no need to check for length - re2c already did */
278static inline size_t parse_uiv(const unsigned char *p)
279{
280    unsigned char cursor;
281    size_t result = 0;
282
283    if (*p == '+') {
284        p++;
285    }
286
287    while (1) {
288        cursor = *p;
289        if (cursor >= '0' && cursor <= '9') {
290            result = result * 10 + (size_t)(cursor - (unsigned char)'0');
291        } else {
292            break;
293        }
294        p++;
295    }
296    return result;
297}
298
299#define UNSERIALIZE_PARAMETER zval **rval, const unsigned char **p, const unsigned char *max, php_unserialize_data_t *var_hash TSRMLS_DC
300#define UNSERIALIZE_PASSTHRU rval, p, max, var_hash TSRMLS_CC
301
302static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long elements, int objprops)
303{
304    while (elements-- > 0) {
305        zval *key, *data, **old_data;
306
307        ALLOC_INIT_ZVAL(key);
308
309        if (!php_var_unserialize(&key, p, max, NULL TSRMLS_CC)) {
310            zval_dtor(key);
311            FREE_ZVAL(key);
312            return 0;
313        }
314
315        if (Z_TYPE_P(key) != IS_LONG && Z_TYPE_P(key) != IS_STRING) {
316            zval_dtor(key);
317            FREE_ZVAL(key);
318            return 0;
319        }
320
321        ALLOC_INIT_ZVAL(data);
322
323        if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) {
324            zval_dtor(key);
325            FREE_ZVAL(key);
326            zval_ptr_dtor(&data);
327            return 0;
328        }
329
330        if (!objprops) {
331            switch (Z_TYPE_P(key)) {
332            case IS_LONG:
333                if (zend_hash_index_find(ht, Z_LVAL_P(key), (void **)&old_data)==SUCCESS) {
334                    var_push_dtor(var_hash, old_data);
335                }
336                zend_hash_index_update(ht, Z_LVAL_P(key), &data, sizeof(data), NULL);
337                break;
338            case IS_STRING:
339                if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) {
340                    var_push_dtor(var_hash, old_data);
341                }
342                zend_symtable_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL);
343                break;
344            }
345        } else {
346            /* object properties should include no integers */
347            convert_to_string(key);
348            if (zend_hash_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) {
349                var_push_dtor(var_hash, old_data);
350            }
351            zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
352                    sizeof data, NULL);
353        }
354
355        zval_dtor(key);
356        FREE_ZVAL(key);
357
358        if (elements && *(*p-1) != ';' && *(*p-1) != '}') {
359            (*p)--;
360            return 0;
361        }
362    }
363
364    return 1;
365}
366
367static inline int finish_nested_data(UNSERIALIZE_PARAMETER)
368{
369    if (*((*p)++) == '}')
370        return 1;
371
372#if SOMETHING_NEW_MIGHT_LEAD_TO_CRASH_ENABLE_IF_YOU_ARE_BRAVE
373    zval_ptr_dtor(rval);
374#endif
375    return 0;
376}
377
378static inline int object_custom(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
379{
380    long datalen;
381
382    datalen = parse_iv2((*p) + 2, p);
383
384    (*p) += 2;
385
386    if (datalen < 0 || (max - (*p)) <= datalen) {
387        zend_error(E_WARNING, "Insufficient data for unserializing - %ld required, %ld present", datalen, (long)(max - (*p)));
388        return 0;
389    }
390
391    if (ce->unserialize == NULL) {
392        zend_error(E_WARNING, "Class %s has no unserializer", ce->name);
393        object_init_ex(*rval, ce);
394    } else if (ce->unserialize(rval, ce, (const unsigned char*)*p, datalen, (zend_unserialize_data *)var_hash TSRMLS_CC) != SUCCESS) {
395        return 0;
396    }
397
398    (*p) += datalen;
399
400    return finish_nested_data(UNSERIALIZE_PASSTHRU);
401}
402
403static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
404{
405    long elements;
406
407    elements = parse_iv2((*p) + 2, p);
408
409    (*p) += 2;
410
411    if (ce->serialize == NULL) {
412        object_init_ex(*rval, ce);
413    } else {
414        /* If this class implements Serializable, it should not land here but in object_custom(). The passed string
415        obviously doesn't descend from the regular serializer. */
416        zend_error(E_WARNING, "Erroneous data format for unserializing '%s'", ce->name);
417        return 0;
418    }
419
420    return elements;
421}
422
423#ifdef PHP_WIN32
424# pragma optimize("", off)
425#endif
426static inline int object_common2(UNSERIALIZE_PARAMETER, long elements)
427{
428    zval *retval_ptr = NULL;
429    zval fname;
430
431    if (Z_TYPE_PP(rval) != IS_OBJECT) {
432        return 0;
433    }
434
435    if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_OBJPROP_PP(rval), elements, 1)) {
436        return 0;
437    }
438
439    if (Z_OBJCE_PP(rval) != PHP_IC_ENTRY &&
440        zend_hash_exists(&Z_OBJCE_PP(rval)->function_table, "__wakeup", sizeof("__wakeup"))) {
441        INIT_PZVAL(&fname);
442        ZVAL_STRINGL(&fname, "__wakeup", sizeof("__wakeup") - 1, 0);
443        BG(serialize_lock)++;
444        call_user_function_ex(CG(function_table), rval, &fname, &retval_ptr, 0, 0, 1, NULL TSRMLS_CC);
445        BG(serialize_lock)--;
446    }
447
448    if (retval_ptr) {
449        zval_ptr_dtor(&retval_ptr);
450    }
451
452    if (EG(exception)) {
453        return 0;
454    }
455
456    return finish_nested_data(UNSERIALIZE_PASSTHRU);
457
458}
459#ifdef PHP_WIN32
460# pragma optimize("", on)
461#endif
462
463PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
464{
465    const unsigned char *cursor, *limit, *marker, *start;
466    zval **rval_ref;
467
468    limit = max;
469    cursor = *p;
470
471    if (YYCURSOR >= YYLIMIT) {
472        return 0;
473    }
474
475    if (var_hash && cursor[0] != 'R') {
476        var_push(var_hash, rval);
477    }
478
479    start = cursor;
480
481
482
483/*!re2c
484
485"R:" iv ";"     {
486    long id;
487
488    *p = YYCURSOR;
489    if (!var_hash) return 0;
490
491    id = parse_iv(start + 2) - 1;
492    if (id == -1 || var_access(var_hash, id, &rval_ref) != SUCCESS) {
493        return 0;
494    }
495
496    if (*rval != NULL) {
497        zval_ptr_dtor(rval);
498    }
499    *rval = *rval_ref;
500    Z_ADDREF_PP(rval);
501    Z_SET_ISREF_PP(rval);
502
503    return 1;
504}
505
506"r:" iv ";"     {
507    long id;
508
509    *p = YYCURSOR;
510    if (!var_hash) return 0;
511
512    id = parse_iv(start + 2) - 1;
513    if (id == -1 || var_access(var_hash, id, &rval_ref) != SUCCESS) {
514        return 0;
515    }
516
517    if (*rval == *rval_ref) return 0;
518
519    if (*rval != NULL) {
520        var_push_dtor_no_addref(var_hash, rval);
521    }
522    *rval = *rval_ref;
523    Z_ADDREF_PP(rval);
524    Z_UNSET_ISREF_PP(rval);
525
526    return 1;
527}
528
529"N;"    {
530    *p = YYCURSOR;
531    INIT_PZVAL(*rval);
532    ZVAL_NULL(*rval);
533    return 1;
534}
535
536"b:" [01] ";"   {
537    *p = YYCURSOR;
538    INIT_PZVAL(*rval);
539    ZVAL_BOOL(*rval, parse_iv(start + 2));
540    return 1;
541}
542
543"i:" iv ";" {
544#if SIZEOF_LONG == 4
545    int digits = YYCURSOR - start - 3;
546
547    if (start[2] == '-' || start[2] == '+') {
548        digits--;
549    }
550
551    /* Use double for large long values that were serialized on a 64-bit system */
552    if (digits >= MAX_LENGTH_OF_LONG - 1) {
553        if (digits == MAX_LENGTH_OF_LONG - 1) {
554            int cmp = strncmp(YYCURSOR - MAX_LENGTH_OF_LONG, long_min_digits, MAX_LENGTH_OF_LONG - 1);
555
556            if (!(cmp < 0 || (cmp == 0 && start[2] == '-'))) {
557                goto use_double;
558            }
559        } else {
560            goto use_double;
561        }
562    }
563#endif
564    *p = YYCURSOR;
565    INIT_PZVAL(*rval);
566    ZVAL_LONG(*rval, parse_iv(start + 2));
567    return 1;
568}
569
570"d:" ("NAN" | "-"? "INF") ";"   {
571    *p = YYCURSOR;
572    INIT_PZVAL(*rval);
573
574    if (!strncmp(start + 2, "NAN", 3)) {
575        ZVAL_DOUBLE(*rval, php_get_nan());
576    } else if (!strncmp(start + 2, "INF", 3)) {
577        ZVAL_DOUBLE(*rval, php_get_inf());
578    } else if (!strncmp(start + 2, "-INF", 4)) {
579        ZVAL_DOUBLE(*rval, -php_get_inf());
580    }
581
582    return 1;
583}
584
585"d:" (iv | nv | nvexp) ";"  {
586#if SIZEOF_LONG == 4
587use_double:
588#endif
589    *p = YYCURSOR;
590    INIT_PZVAL(*rval);
591    ZVAL_DOUBLE(*rval, zend_strtod((const char *)start + 2, NULL));
592    return 1;
593}
594
595"s:" uiv ":" ["]    {
596    size_t len, maxlen;
597    char *str;
598
599    len = parse_uiv(start + 2);
600    maxlen = max - YYCURSOR;
601    if (maxlen < len) {
602        *p = start + 2;
603        return 0;
604    }
605
606    str = (char*)YYCURSOR;
607
608    YYCURSOR += len;
609
610    if (*(YYCURSOR) != '"') {
611        *p = YYCURSOR;
612        return 0;
613    }
614
615    YYCURSOR += 2;
616    *p = YYCURSOR;
617
618    INIT_PZVAL(*rval);
619    ZVAL_STRINGL(*rval, str, len, 1);
620    return 1;
621}
622
623"S:" uiv ":" ["]    {
624    size_t len, maxlen;
625    char *str;
626
627    len = parse_uiv(start + 2);
628    maxlen = max - YYCURSOR;
629    if (maxlen < len) {
630        *p = start + 2;
631        return 0;
632    }
633
634    if ((str = unserialize_str(&YYCURSOR, &len, maxlen)) == NULL) {
635        return 0;
636    }
637
638    if (*(YYCURSOR) != '"') {
639        efree(str);
640        *p = YYCURSOR;
641        return 0;
642    }
643
644    YYCURSOR += 2;
645    *p = YYCURSOR;
646
647    INIT_PZVAL(*rval);
648    ZVAL_STRINGL(*rval, str, len, 0);
649    return 1;
650}
651
652"a:" uiv ":" "{" {
653    long elements = parse_iv(start + 2);
654    /* use iv() not uiv() in order to check data range */
655    *p = YYCURSOR;
656
657    if (elements < 0) {
658        return 0;
659    }
660
661    INIT_PZVAL(*rval);
662
663    array_init_size(*rval, elements);
664
665    if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_ARRVAL_PP(rval), elements, 0)) {
666        return 0;
667    }
668
669    return finish_nested_data(UNSERIALIZE_PASSTHRU);
670}
671
672"o:" iv ":" ["] {
673
674    INIT_PZVAL(*rval);
675
676    return object_common2(UNSERIALIZE_PASSTHRU,
677            object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR));
678}
679
680object ":" uiv ":" ["]  {
681    size_t len, len2, len3, maxlen;
682    long elements;
683    char *class_name;
684    zend_class_entry *ce;
685    zend_class_entry **pce;
686    int incomplete_class = 0;
687
688    int custom_object = 0;
689
690    zval *user_func;
691    zval *retval_ptr;
692    zval **args[1];
693    zval *arg_func_name;
694
695    if (*start == 'C') {
696        custom_object = 1;
697    }
698
699    INIT_PZVAL(*rval);
700    len2 = len = parse_uiv(start + 2);
701    maxlen = max - YYCURSOR;
702    if (maxlen < len || len == 0) {
703        *p = start + 2;
704        return 0;
705    }
706
707    class_name = (char*)YYCURSOR;
708
709    YYCURSOR += len;
710
711    if (*(YYCURSOR) != '"') {
712        *p = YYCURSOR;
713        return 0;
714    }
715    if (*(YYCURSOR+1) != ':') {
716        *p = YYCURSOR+1;
717        return 0;
718    }
719
720    len3 = strspn(class_name, "0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\177\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\252\253\254\255\256\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377\\");
721    if (len3 != len)
722    {
723        *p = YYCURSOR + len3 - len;
724        return 0;
725    }
726
727    class_name = estrndup(class_name, len);
728
729    do {
730        /* Try to find class directly */
731        BG(serialize_lock)++;
732        if (zend_lookup_class(class_name, len2, &pce TSRMLS_CC) == SUCCESS) {
733            BG(serialize_lock)--;
734            if (EG(exception)) {
735                efree(class_name);
736                return 0;
737            }
738            ce = *pce;
739            break;
740        }
741        BG(serialize_lock)--;
742
743        if (EG(exception)) {
744            efree(class_name);
745            return 0;
746        }
747
748        /* Check for unserialize callback */
749        if ((PG(unserialize_callback_func) == NULL) || (PG(unserialize_callback_func)[0] == '\0')) {
750            incomplete_class = 1;
751            ce = PHP_IC_ENTRY;
752            break;
753        }
754
755        /* Call unserialize callback */
756        MAKE_STD_ZVAL(user_func);
757        ZVAL_STRING(user_func, PG(unserialize_callback_func), 1);
758        args[0] = &arg_func_name;
759        MAKE_STD_ZVAL(arg_func_name);
760        ZVAL_STRING(arg_func_name, class_name, 1);
761        BG(serialize_lock)++;
762        if (call_user_function_ex(CG(function_table), NULL, user_func, &retval_ptr, 1, args, 0, NULL TSRMLS_CC) != SUCCESS) {
763            BG(serialize_lock)--;
764            if (EG(exception)) {
765                efree(class_name);
766                zval_ptr_dtor(&user_func);
767                zval_ptr_dtor(&arg_func_name);
768                return 0;
769            }
770            php_error_docref(NULL TSRMLS_CC, E_WARNING, "defined (%s) but not found", user_func->value.str.val);
771            incomplete_class = 1;
772            ce = PHP_IC_ENTRY;
773            zval_ptr_dtor(&user_func);
774            zval_ptr_dtor(&arg_func_name);
775            break;
776        }
777        BG(serialize_lock)--;
778        if (retval_ptr) {
779            zval_ptr_dtor(&retval_ptr);
780        }
781        if (EG(exception)) {
782            efree(class_name);
783            zval_ptr_dtor(&user_func);
784            zval_ptr_dtor(&arg_func_name);
785            return 0;
786        }
787
788        /* The callback function may have defined the class */
789        if (zend_lookup_class(class_name, len2, &pce TSRMLS_CC) == SUCCESS) {
790            ce = *pce;
791        } else {
792            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Function %s() hasn't defined the class it was called for", user_func->value.str.val);
793            incomplete_class = 1;
794            ce = PHP_IC_ENTRY;
795        }
796
797        zval_ptr_dtor(&user_func);
798        zval_ptr_dtor(&arg_func_name);
799        break;
800    } while (1);
801
802    *p = YYCURSOR;
803
804    if (custom_object) {
805        int ret;
806
807        ret = object_custom(UNSERIALIZE_PASSTHRU, ce);
808
809        if (ret && incomplete_class) {
810            php_store_class_name(*rval, class_name, len2);
811        }
812        efree(class_name);
813        return ret;
814    }
815
816    elements = object_common1(UNSERIALIZE_PASSTHRU, ce);
817
818    if (incomplete_class) {
819        php_store_class_name(*rval, class_name, len2);
820    }
821    efree(class_name);
822
823    return object_common2(UNSERIALIZE_PASSTHRU, elements);
824}
825
826"}" {
827    /* this is the case where we have less data than planned */
828    php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data");
829    return 0; /* not sure if it should be 0 or 1 here? */
830}
831
832any { return 0; }
833
834*/
835
836    return 0;
837}
838