Only accept string as the format parameter of *printf() functions

kocsismate · kocsismate · commit b2dc833c1a24 · 2019-12-09T19:43:34.000+01:00
diff --git a/ext/standard/formatted_print.c b/ext/standard/formatted_print.c
@@ -392,22 +392,15 @@ php_sprintf_getnumber(char **buffer, size_t *len)
  *  - 0 or more: ArgumentCountError is thrown
  */
 static zend_string *
-php_formatted_print(zval *z_format, zval *args, int argc, int nb_additional_parameters)
+php_formatted_print(char *format, size_t format_len, zval *args, int argc, int nb_additional_parameters)
 {
 	size_t size = 240, outpos = 0;
 	int alignment, currarg, adjusting, argnum, width, precision;
-	char *format, *temppos, padding;
+	char *temppos, padding;
 	zend_string *result;
 	int always_sign;
-	size_t format_len;
 	int bad_arg_number = 0;
 
-	if (!try_convert_to_string(z_format)) {
-		return NULL;
-	}
-
-	format = Z_STRVAL_P(z_format);
-	format_len = Z_STRLEN_P(z_format);
 	result = zend_string_alloc(size, 0);
 
 	currarg = 0;
@@ -680,15 +673,17 @@ php_formatted_print_get_array(zval *array, int *argc)
 PHP_FUNCTION(user_sprintf)
 {
 	zend_string *result;
-	zval *format, *args;
+	char *format;
+	size_t format_len;
+	zval *args;
 	int argc;
 
 	ZEND_PARSE_PARAMETERS_START(1, -1)
-		Z_PARAM_ZVAL(format)
+		Z_PARAM_STRING(format, format_len)
 		Z_PARAM_VARIADIC('*', args, argc)
 	ZEND_PARSE_PARAMETERS_END();
 
-	result = php_formatted_print(format, args, argc, 1);
+	result = php_formatted_print(format, format_len, args, argc, 1);
 	if (result == NULL) {
 		return;
 	}
@@ -701,17 +696,19 @@ PHP_FUNCTION(user_sprintf)
 PHP_FUNCTION(vsprintf)
 {
 	zend_string *result;
-	zval *format, *array, *args;
+	char *format;
+	size_t format_len;
+	zval *array, *args;
 	int argc;
 
 	ZEND_PARSE_PARAMETERS_START(2, 2)
-		Z_PARAM_ZVAL(format)
+		Z_PARAM_STRING(format, format_len)
 		Z_PARAM_ZVAL(array)
 	ZEND_PARSE_PARAMETERS_END();
 
 	args = php_formatted_print_get_array(array, &argc);
 
-	result = php_formatted_print(format, args, argc, -1);
+	result = php_formatted_print(format, format_len, args, argc, -1);
 	efree(args);
 	if (result == NULL) {
 		return;
@@ -726,15 +723,17 @@ PHP_FUNCTION(user_printf)
 {
 	zend_string *result;
 	size_t rlen;
-	zval *format, *args;
+	char *format;
+	size_t format_len;
+	zval *args;
 	int argc;
 
 	ZEND_PARSE_PARAMETERS_START(1, -1)
-		Z_PARAM_ZVAL(format)
+		Z_PARAM_STRING(format, format_len)
 		Z_PARAM_VARIADIC('*', args, argc)
 	ZEND_PARSE_PARAMETERS_END();
 
-	result = php_formatted_print(format, args, argc, 1);
+	result = php_formatted_print(format, format_len, args, argc, 1);
 	if (result == NULL) {
 		return;
 	}
@@ -750,17 +749,19 @@ PHP_FUNCTION(vprintf)
 {
 	zend_string *result;
 	size_t rlen;
-	zval *format, *array, *args;
+	char *format;
+	size_t format_len;
+	zval *array, *args;
 	int argc;
 
 	ZEND_PARSE_PARAMETERS_START(2, 2)
-		Z_PARAM_ZVAL(format)
+		Z_PARAM_STRING(format, format_len)
 		Z_PARAM_ZVAL(array)
 	ZEND_PARSE_PARAMETERS_END();
 
 	args = php_formatted_print_get_array(array, &argc);
 
-	result = php_formatted_print(format, args, argc, -1);
+	result = php_formatted_print(format, format_len, args, argc, -1);
 	efree(args);
 	if (result == NULL) {
 		return;
@@ -776,7 +777,9 @@ PHP_FUNCTION(vprintf)
 PHP_FUNCTION(fprintf)
 {
 	php_stream *stream;
-	zval *arg1, *format, *args;
+	char *format;
+	size_t format_len;
+	zval *arg1, *args;
 	int argc;
 	zend_string *result;
 
@@ -786,13 +789,13 @@ PHP_FUNCTION(fprintf)
 
 	ZEND_PARSE_PARAMETERS_START(2, -1)
 		Z_PARAM_RESOURCE(arg1)
-		Z_PARAM_ZVAL(format)
+		Z_PARAM_STRING(format, format_len)
 		Z_PARAM_VARIADIC('*', args, argc)
 	ZEND_PARSE_PARAMETERS_END();
 
 	php_stream_from_zval(stream, arg1);
 
-	result = php_formatted_print(format, args, argc, 2);
+	result = php_formatted_print(format, format_len, args, argc, 2);
 	if (result == NULL) {
 		return;
 	}
@@ -809,7 +812,9 @@ PHP_FUNCTION(fprintf)
 PHP_FUNCTION(vfprintf)
 {
 	php_stream *stream;
-	zval *arg1, *format, *array, *args;
+	char *format;
+	size_t format_len;
+	zval *arg1, *array, *args;
 	int argc;
 	zend_string *result;
 
@@ -819,15 +824,15 @@ PHP_FUNCTION(vfprintf)
 
 	ZEND_PARSE_PARAMETERS_START(3, 3)
 		Z_PARAM_RESOURCE(arg1)
-		Z_PARAM_ZVAL(format)
+		Z_PARAM_STRING(format, format_len)
 		Z_PARAM_ZVAL(array)
 	ZEND_PARSE_PARAMETERS_END();
 
 	php_stream_from_zval(stream, arg1);
 
 	args = php_formatted_print_get_array(array, &argc);
 
-	result = php_formatted_print(format, args, argc, -1);
+	result = php_formatted_print(format, format_len, args, argc, -1);
 	efree(args);
 	if (result == NULL) {
 		return;
diff --git a/ext/standard/tests/file/fscanf_variation10.phpt b/ext/standard/tests/file/fscanf_variation10.phpt
@@ -42,7 +42,7 @@ $counter = 1;
 
 // writing to the file
 foreach($resource_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation11.phpt b/ext/standard/tests/file/fscanf_variation11.phpt
@@ -47,7 +47,7 @@ $counter = 1;
 
 // writing to the file
 foreach($array_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation16.phpt b/ext/standard/tests/file/fscanf_variation16.phpt
@@ -41,7 +41,7 @@ $counter = 1;
 
 // writing to the file
 foreach($resource_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation17.phpt b/ext/standard/tests/file/fscanf_variation17.phpt
@@ -46,7 +46,7 @@ $counter = 1;
 
 // writing to the file
 foreach($array_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation22.phpt b/ext/standard/tests/file/fscanf_variation22.phpt
@@ -41,7 +41,7 @@ $counter = 1;
 
 // writing to the file
 foreach($resource_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation23.phpt b/ext/standard/tests/file/fscanf_variation23.phpt
@@ -46,7 +46,7 @@ $counter = 1;
 
 // writing to the file
 foreach($array_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation29.phpt b/ext/standard/tests/file/fscanf_variation29.phpt
@@ -42,7 +42,7 @@ $counter = 1;
 
 // writing to the file
 foreach($resource_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation30.phpt b/ext/standard/tests/file/fscanf_variation30.phpt
@@ -47,7 +47,7 @@ $counter = 1;
 
 // writing to the file
 foreach($array_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation35.phpt b/ext/standard/tests/file/fscanf_variation35.phpt
@@ -37,7 +37,7 @@ $counter = 1;
 
 // writing to the file
 foreach($resource_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation36.phpt b/ext/standard/tests/file/fscanf_variation36.phpt
@@ -42,7 +42,7 @@ $counter = 1;
 
 // writing to the file
 foreach($array_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation4.phpt b/ext/standard/tests/file/fscanf_variation4.phpt
@@ -38,7 +38,7 @@ $counter = 1;
 
 // writing to the file
 foreach($resource_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation41.phpt b/ext/standard/tests/file/fscanf_variation41.phpt
@@ -37,7 +37,7 @@ $counter = 1;
 
 // writing to the file
 foreach($resource_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation42.phpt b/ext/standard/tests/file/fscanf_variation42.phpt
@@ -42,7 +42,7 @@ $counter = 1;
 
 // writing to the file
 foreach($array_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation47.phpt b/ext/standard/tests/file/fscanf_variation47.phpt
@@ -37,7 +37,7 @@ $counter = 1;
 
 // writing to the file
 foreach($resource_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation48.phpt b/ext/standard/tests/file/fscanf_variation48.phpt
@@ -42,7 +42,7 @@ $counter = 1;
 
 // writing to the file
 foreach($array_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/file/fscanf_variation5.phpt b/ext/standard/tests/file/fscanf_variation5.phpt
@@ -42,7 +42,7 @@ $counter = 1;
 
 // writing to the file
 foreach($array_types as $value) {
-  @fprintf($file_handle, $value);
+  @fprintf($file_handle, "%s", $value);
   @fprintf($file_handle, "\n");
 }
 // closing the file
diff --git a/ext/standard/tests/strings/printf_variation1.phpt b/ext/standard/tests/strings/printf_variation1.phpt
diff --git a/ext/standard/tests/strings/sprintf_variation1.phpt b/ext/standard/tests/strings/sprintf_variation1.phpt
diff --git a/ext/standard/tests/strings/vfprintf_error3.phpt b/ext/standard/tests/strings/vfprintf_error3.phpt
diff --git a/ext/standard/tests/strings/vfprintf_variation20.phpt b/ext/standard/tests/strings/vfprintf_variation20.phpt
diff --git a/ext/standard/tests/strings/vprintf_variation1.phpt b/ext/standard/tests/strings/vprintf_variation1.phpt
diff --git a/ext/standard/tests/strings/vsprintf_variation1.phpt b/ext/standard/tests/strings/vsprintf_variation1.phpt
diff --git a/tests/classes/tostring_004.phpt b/tests/classes/tostring_004.phpt

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ $counter = 1;`
`42`	`42`
`43`	`43`	`// writing to the file`
`44`	`44`	`foreach($resource_types as $value) {`
`45`		`- @fprintf($file_handle, $value);`
	`45`	`+ @fprintf($file_handle, "%s", $value);`
`46`	`46`	`@fprintf($file_handle, "\n");`
`47`	`47`	`}`
`48`	`48`	`// closing the file`
Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ $counter = 1;`
`47`	`47`
`48`	`48`	`// writing to the file`
`49`	`49`	`foreach($array_types as $value) {`
`50`		`- @fprintf($file_handle, $value);`
	`50`	`+ @fprintf($file_handle, "%s", $value);`
`51`	`51`	`@fprintf($file_handle, "\n");`
`52`	`52`	`}`
`53`	`53`	`// closing the file`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ $counter = 1;`
`41`	`41`
`42`	`42`	`// writing to the file`
`43`	`43`	`foreach($resource_types as $value) {`
`44`		`- @fprintf($file_handle, $value);`
	`44`	`+ @fprintf($file_handle, "%s", $value);`
`45`	`45`	`@fprintf($file_handle, "\n");`
`46`	`46`	`}`
`47`	`47`	`// closing the file`
Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ $counter = 1;`
`46`	`46`
`47`	`47`	`// writing to the file`
`48`	`48`	`foreach($array_types as $value) {`
`49`		`- @fprintf($file_handle, $value);`
	`49`	`+ @fprintf($file_handle, "%s", $value);`
`50`	`50`	`@fprintf($file_handle, "\n");`
`51`	`51`	`}`
`52`	`52`	`// closing the file`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ $counter = 1;`
`37`	`37`
`38`	`38`	`// writing to the file`
`39`	`39`	`foreach($resource_types as $value) {`
`40`		`- @fprintf($file_handle, $value);`
	`40`	`+ @fprintf($file_handle, "%s", $value);`
`41`	`41`	`@fprintf($file_handle, "\n");`
`42`	`42`	`}`
`43`	`43`	`// closing the file`
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ $counter = 1;`
`38`	`38`
`39`	`39`	`// writing to the file`
`40`	`40`	`foreach($resource_types as $value) {`
`41`		`- @fprintf($file_handle, $value);`
	`41`	`+ @fprintf($file_handle, "%s", $value);`
`42`	`42`	`@fprintf($file_handle, "\n");`
`43`	`43`	`}`
`44`	`44`	`// closing the file`