[2006-05-23 22:19 UTC] jdolecek at NetBSD dot org

Description:
------------
WDDX serializes control charactes using a <char code="XX"/> construct, However, the code contains sign extension bug, and on platforms with signed char the result XX contains incorrect (sign-extended) code.

This affects e.g. UTF8-encoded non-ASCII text, which can contain characters in 128-160 range.

Fix:

--- wddx.c.orig 2006-05-23 23:58:54.000000000 +0200
+++ wddx.c
@@ -401,7 +401,7 @@ static void php_wddx_serialize_string(wd
                                default:
                                        if (iscntrl((int)*(unsigned char *)p)) {
                                                FLUSH_BUF();
-                                               sprintf(control_buf, WDDX_CHAR, *p);
+                                               sprintf(control_buf, WDDX_CHAR, (int)*(unsigned char *)p);
                                                php_wddx_add_chunk(packet, control_buf);
                                        } else
                                                buf[l++] = *p;


Reproduce code:
---------------
On UNIX with iso-8859-1 locale:

echo wddx_serialize_value(chr(1))."\n";
echo wddx_serialize_value(chr(128))."\n";


Expected result:
----------------
<wddxPacket version='1.0'><header/><data><string><char code='01'/></string></data></wddxPacket>
<wddxPacket version='1.0'><header/><data><string><char code='80'/></string></data></wddxPacket>



Actual result:
--------------
<wddxPacket version='1.0'><header/><data><string><char code='01'/></string></data></wddxPacket>
<wddxPacket version='1.0'><header/><data><string><char code='FFFFFF80'/></string></data></wddxPacket>

 [2006-05-25 23:24 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.