Skip to content

Fix #63208: BSTR to PHP string conversion not binary safe #5766

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
cmb69 wants to merge 3 commits into from
Closed

Fix #63208: BSTR to PHP string conversion not binary safe #5766

cmb69 wants to merge 3 commits into from

Conversation

@cmb69
Copy link
Member

@cmb69 cmb69 commented Jun 25, 2020

A BSTR is similar to a zend_string; it stores the length of the
string just before the actual string, and thus the string may contain
NUL bytes. However, php_com_olestring_to_string() is supposed to
deal with arbitrary OLECHAR*s which may not be BSTRs, so we
introduce php_com_bstr_to_string() and use it for the only case where
we actually have to deal with BSTRs which may contain NUL bytes.

Contrary to php_com_olestring_to_string() we return a zend_string,
so we can save the re-allocation when converting to a zval.

@cmb69
Fix #63208: BSTR to PHP string conversion not binary safe
b4b6d29 
A `BSTR` is similar to a `zend_string`; it stores the length of the
string just before the actual string, and thus the string may contain
NUL bytes.  However, `php_com_olestring_to_string()` is supposed to
deal with arbitrary `OLECHAR*`s which may not be `BSTR`s, so we
introduce `php_com_bstr_to_string()` and use it for the only case where
we actually have to deal with `BSTR`s which may contain NUL bytes.

Contrary to `php_com_olestring_to_string()` we return a `zend_string`,
so we can save the re-allocation when converting to a `zval`.
@cmb69 cmb69 added the Bug label Jun 25, 2020
nikic
nikic reviewed Jun 25, 2020
View reviewed changes
@cmb69
Fix up
612a877 
We have to properly determine the output length of the conversion to
multi byte strings.

We also cater to `php_com_string_to_olestring()` not being binary safe,
with basically the same fix we did for `php_com_olestring_to_string()`.
nikic
nikic reviewed Jun 29, 2020
View reviewed changes
@cmb69
Avoid unnecessary allocation
3214e3d 
Instead of allocating a temporary `OLECHAR` buffer, we allocate the
final `BSTR` right away, and do the multibyte conversion into its
buffer.

We also refactor to guard statements for better readability.
nikic
nikic reviewed Jun 29, 2020
View reviewed changes
@cmb69 cmb69 closed this Jun 29, 2020
@cmb69 cmb69 deleted the cmb/63208 branch June 29, 2020 17:08
@cmb69
Copy link
Member Author

cmb69 commented Jun 29, 2020

Thanks! Applied as a385cfa.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nikic nikic nikic approved these changes

Assignees

No one assigned

Labels

Bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cmb69 @nikic