Fix bug #80523
authorNikita Popov <nikita.ppv@gmail.com>
Wed, 16 Dec 2020 09:16:50 +0000 (10:16 +0100)
committerNikita Popov <nikita.ppv@gmail.com>
Wed, 16 Dec 2020 09:20:20 +0000 (10:20 +0100)
Don't truncate the file length to unsigned int...

I have no idea whether that fully fixes the problem because the
process gets OOM killed before finishing, but at least the
immediate parse error is gone now.

NEWS
Zend/zend_language_scanner.l

diff --git a/NEWS b/NEWS
index 2d89d66773f87974eba720d2c294c3158c9b2f37..a62d492d0d0a0c28b7c12d07f8e1b895c0e91cac 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,7 +2,8 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2021, PHP 7.4.15
 
-
+- Core:
+  . Fixed bug #80523 (bogus parse error on >4GB source code). (Nikita)
 
 07 Jan 2021, PHP 7.4.14
 
index 3cb739330a60199c14615ee3d6d64ed7e3e5c109..0d515ca9015db19f9ac7ea656f583f434e9f190c 100644 (file)
@@ -177,7 +177,7 @@ static void yy_pop_state(void)
        zend_stack_del_top(&SCNG(state_stack));
 }
 
-static void yy_scan_buffer(char *str, unsigned int len)
+static void yy_scan_buffer(char *str, size_t len)
 {
        YYCURSOR       = (YYCTYPE*)str;
        YYLIMIT        = YYCURSOR + len;
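Review bot: `yy_scan_buffer` now receives the full `size_t` length, but nothing at the definition records what `YYLIMIT = YYCURSOR + len` depends on, namely that `str` really spans `len` bytes (plus any terminator or padding the scanner expects, which is not visible here). A one-line comment above the signature would capture that, e.g. `/* len is the exact byte length of str; callers must not narrow it */`. Because the commit message says the fix could not be run to completion, it is also worth checking whether other scanner state derived from this length (token-length or offset fields, any other caller of this function) is still 32-bit, since a narrowed length would make the scanner see only part of the buffer. None of that is visible in this diff. The function body continues outside the hunk.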
@@ -554,7 +554,7 @@ ZEND_API int open_file_for_scanning(zend_file_handle *file_handle)
                        }
                }
                SCNG(yy_start) = (unsigned char *)buf;
-               yy_scan_buffer(buf, (unsigned int)size);
+               yy_scan_buffer(buf, size);
        } else {
                zend_error_noreturn(E_COMPILE_ERROR, "zend_stream_mmap() failed");
        }
@@ -722,7 +722,7 @@ ZEND_API int zend_prepare_string_for_scanning(zval *str, char *filename)
                }
        }
 
-       yy_scan_buffer(buf, (unsigned int)size);
+       yy_scan_buffer(buf, size);
 
        new_compiled_filename = zend_string_init(filename, strlen(filename), 0);
        zend_set_compiled_filename(new_compiled_filename);