]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ac40d0f)
Fix #78454: Consecutive numeric separators cause OOM error
authorTheodore Brown <theodorejb@outlook.com>
Sun, 25 Aug 2019 05:33:51 +0000 (00:33 -0500)
committerChristoph M. Becker <cmbecker69@gmx.de>
Sun, 25 Aug 2019 20:46:18 +0000 (22:46 +0200)
Resolves out of memory error when consecutive numeric separators follow a binary/hex literal.

NEWS patch | blob | history
Zend/tests/bug78454_1.phpt [new file with mode: 0644] patch | blob
Zend/tests/bug78454_2.phpt [new file with mode: 0644] patch | blob
Zend/zend_language_scanner.l patch | blob | history

diff --git a/NEWS b/NEWS
index 45df25766088966cc4c8d6f3944843ae7cb38645..69913fdaa8c52f1471bd293fb8500cb11c47b1e8 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,8 @@ PHP                                                                        NEWS
     (cmb, Nikita)
   . Fixed bug #78441 (Parse error due to heredoc identifier followed by digit).
     (cmb)
+  . Fixed bug #78454 (Consecutive numeric separators cause OOM error).
+    (Theodore Brown)
 
 - SPL:
   . Fixed bug #78436 (Missing addref in SplPriorityQueue EXTR_BOTH mode).
diff --git a/Zend/tests/bug78454_1.phpt b/Zend/tests/bug78454_1.phpt
new file mode 100644 (file)
index 0000000..184d358
--- /dev/null
+++ b/Zend/tests/bug78454_1.phpt
@@ -0,0 +1,7 @@
+--TEST--
+Invalid consecutive numeric separators after hex literal
+--FILE--
+<?php
+0x0__F;
+--EXPECTF--
+Parse error: syntax error, unexpected '__F' (T_STRING) in %s on line %d
diff --git a/Zend/tests/bug78454_2.phpt b/Zend/tests/bug78454_2.phpt
new file mode 100644 (file)
index 0000000..b67b839
--- /dev/null
+++ b/Zend/tests/bug78454_2.phpt
@@ -0,0 +1,7 @@
+--TEST--
+Invalid consecutive numeric separators after binary literal
+--FILE--
+<?php
+0b0__1
+--EXPECTF--
+Parse error: syntax error, unexpected '__1' (T_STRING) in %s on line %d
diff --git a/Zend/zend_language_scanner.l b/Zend/zend_language_scanner.l
index 2e21ee7952e0d41c036c587b54873ac5024d5535..84ed669dfb12ec605f8975325e3e7cd30c56965b 100644 (file)
--- a/Zend/zend_language_scanner.l
+++ b/Zend/zend_language_scanner.l
@@ -1775,7 +1775,7 @@ NEWLINE ("\r"|"\n"|"\r\n")
        char *end, *bin = yytext + 2;
 
        /* Skip any leading 0s */
-       while (*bin == '0' || *bin == '_') {
+       while (len > 0 && (*bin == '0' || *bin == '_')) {
                ++bin;
                --len;
        }
@@ -1892,7 +1892,7 @@ NEWLINE ("\r"|"\n"|"\r\n")
        char *end, *hex = yytext + 2;
 
        /* Skip any leading 0s */
-       while (*hex == '0' || *hex == '_') {
+       while (len > 0 && (*hex == '0' || *hex == '_')) {
                ++hex;
                --len;
        }
Unnamed repository; edit this file 'description' to name the repository.