diff options
| author | Stanislav Malyshev <stas@php.net> | 2014-05-13 16:44:24 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2014-05-13 16:47:27 -0700 |
| commit | 0094fd096905d2d3e53b12c76cfc27976dc2db03 (patch) | |
| tree | b242a5a5411e1306d4564d85f5e42fc07b2b3f01 | |
| parent | 9103c9eb4fccfa5f71283c0e631285252af95e5e (diff) | |
| parent | 466b8aa444523b9b53811487f0f6ca4421bfb5e1 (diff) | |
| download | php-git-0094fd096905d2d3e53b12c76cfc27976dc2db03.tar.gz | |
Merge branch 'bug67252' into PHP-5.4
* bug67252:
fix bug #67253: timelib_meridian_with_check out-of-bounds read
Fix bug #67252: convert_uudecode out-of-bounds read
| -rw-r--r-- | ext/date/lib/parse_date.c | 201 | ||||
| -rw-r--r-- | ext/date/lib/parse_date.re | 5 | ||||
| -rw-r--r-- | ext/date/tests/bug67253.phpt | 44 | ||||
| -rw-r--r-- | ext/standard/tests/strings/bug67252.phpt | 13 | ||||
| -rw-r--r-- | ext/standard/uuencode.c | 3 |
5 files changed, 166 insertions, 100 deletions
diff --git a/ext/date/lib/parse_date.c b/ext/date/lib/parse_date.c index 47b48178c2..14a6d73c32 100644 --- a/ext/date/lib/parse_date.c +++ b/ext/date/lib/parse_date.c @@ -1,4 +1,4 @@ -/* Generated by re2c 0.13.5 on Sat Jan 25 15:48:30 2014 */ +/* Generated by re2c 0.13.5 on Tue May 13 16:47:20 2014 */ #line 1 "ext/date/lib/parse_date.re" /* +----------------------------------------------------------------------+ @@ -403,9 +403,12 @@ static timelib_sll timelib_meridian_with_check(char **ptr, timelib_sll h) { timelib_sll retval = 0; - while (!strchr("AaPp", **ptr)) { + while (**ptr && !strchr("AaPp", **ptr)) { ++*ptr; } + if(!**ptr) { + return TIMELIB_UNSET; + } if (**ptr == 'a' || **ptr == 'A') { if (h == 12) { retval = -12; @@ -872,11 +875,11 @@ static int scan(Scanner *s, timelib_tz_get_wrapper tz_get_wrapper) std: s->tok = cursor; s->len = 0; -#line 998 "ext/date/lib/parse_date.re" +#line 1001 "ext/date/lib/parse_date.re" -#line 880 "ext/date/lib/parse_date.c" +#line 883 "ext/date/lib/parse_date.c" { YYCTYPE yych; unsigned int yyaccept = 0; @@ -996,7 +999,7 @@ std: } yy2: YYDEBUG(2, *YYCURSOR); -#line 1084 "ext/date/lib/parse_date.re" +#line 1087 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("firstdayof | lastdayof"); TIMELIB_INIT; @@ -1012,7 +1015,7 @@ yy2: TIMELIB_DEINIT; return TIMELIB_LF_DAY_OF_MONTH; } -#line 1016 "ext/date/lib/parse_date.c" +#line 1019 "ext/date/lib/parse_date.c" yy3: YYDEBUG(3, *YYCURSOR); ++YYCURSOR; @@ -1035,7 +1038,7 @@ yy3: } yy4: YYDEBUG(4, *YYCURSOR); -#line 1678 "ext/date/lib/parse_date.re" +#line 1681 "ext/date/lib/parse_date.re" { int tz_not_found; DEBUG_OUTPUT("tzcorrection | tz"); @@ -1048,7 +1051,7 @@ yy4: TIMELIB_DEINIT; return TIMELIB_TIMEZONE; } -#line 1052 "ext/date/lib/parse_date.c" +#line 1055 "ext/date/lib/parse_date.c" yy5: YYDEBUG(5, *YYCURSOR); yych = *++YYCURSOR; @@ -1359,12 +1362,12 @@ yy12: if (yych <= '9') goto yy1385; yy13: YYDEBUG(13, *YYCURSOR); -#line 1773 "ext/date/lib/parse_date.re" +#line 1776 "ext/date/lib/parse_date.re" { add_error(s, "Unexpected character"); goto std; } -#line 1368 "ext/date/lib/parse_date.c" +#line 1371 "ext/date/lib/parse_date.c" yy14: YYDEBUG(14, *YYCURSOR); yych = *++YYCURSOR; @@ -2421,11 +2424,11 @@ yy49: if (yych <= '9') goto yy55; yy50: YYDEBUG(50, *YYCURSOR); -#line 1762 "ext/date/lib/parse_date.re" +#line 1765 "ext/date/lib/parse_date.re" { goto std; } -#line 2429 "ext/date/lib/parse_date.c" +#line 2432 "ext/date/lib/parse_date.c" yy51: YYDEBUG(51, *YYCURSOR); yych = *++YYCURSOR; @@ -2434,12 +2437,12 @@ yy52: YYDEBUG(52, *YYCURSOR); ++YYCURSOR; YYDEBUG(53, *YYCURSOR); -#line 1767 "ext/date/lib/parse_date.re" +#line 1770 "ext/date/lib/parse_date.re" { s->pos = cursor; s->line++; goto std; } -#line 2443 "ext/date/lib/parse_date.c" +#line 2446 "ext/date/lib/parse_date.c" yy54: YYDEBUG(54, *YYCURSOR); yych = *++YYCURSOR; @@ -2826,7 +2829,7 @@ yy72: if (yych == 's') goto yy74; yy73: YYDEBUG(73, *YYCURSOR); -#line 1746 "ext/date/lib/parse_date.re" +#line 1749 "ext/date/lib/parse_date.re" { timelib_ull i; DEBUG_OUTPUT("relative"); @@ -2841,7 +2844,7 @@ yy73: TIMELIB_DEINIT; return TIMELIB_RELATIVE; } -#line 2845 "ext/date/lib/parse_date.c" +#line 2848 "ext/date/lib/parse_date.c" yy74: YYDEBUG(74, *YYCURSOR); yych = *++YYCURSOR; @@ -3603,7 +3606,7 @@ yy166: } yy167: YYDEBUG(167, *YYCURSOR); -#line 1609 "ext/date/lib/parse_date.re" +#line 1612 "ext/date/lib/parse_date.re" { const timelib_relunit* relunit; DEBUG_OUTPUT("daytext"); @@ -3620,7 +3623,7 @@ yy167: TIMELIB_DEINIT; return TIMELIB_WEEKDAY; } -#line 3624 "ext/date/lib/parse_date.c" +#line 3627 "ext/date/lib/parse_date.c" yy168: YYDEBUG(168, *YYCURSOR); yych = *++YYCURSOR; @@ -4140,7 +4143,7 @@ yy193: } yy194: YYDEBUG(194, *YYCURSOR); -#line 1668 "ext/date/lib/parse_date.re" +#line 1671 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("monthtext"); TIMELIB_INIT; @@ -4149,7 +4152,7 @@ yy194: TIMELIB_DEINIT; return TIMELIB_DATE_TEXT; } -#line 4153 "ext/date/lib/parse_date.c" +#line 4156 "ext/date/lib/parse_date.c" yy195: YYDEBUG(195, *YYCURSOR); ++YYCURSOR; @@ -4200,7 +4203,7 @@ yy198: } yy199: YYDEBUG(199, *YYCURSOR); -#line 1414 "ext/date/lib/parse_date.re" +#line 1417 "ext/date/lib/parse_date.re" { int length = 0; DEBUG_OUTPUT("datetextual | datenoyear"); @@ -4213,7 +4216,7 @@ yy199: TIMELIB_DEINIT; return TIMELIB_DATE_TEXT; } -#line 4217 "ext/date/lib/parse_date.c" +#line 4220 "ext/date/lib/parse_date.c" yy200: YYDEBUG(200, *YYCURSOR); yyaccept = 6; @@ -4482,7 +4485,7 @@ yy222: } yy223: YYDEBUG(223, *YYCURSOR); -#line 1716 "ext/date/lib/parse_date.re" +#line 1719 "ext/date/lib/parse_date.re" { int tz_not_found; DEBUG_OUTPUT("dateshortwithtimeshort | dateshortwithtimelong | dateshortwithtimelongtz"); @@ -4511,7 +4514,7 @@ yy223: TIMELIB_DEINIT; return TIMELIB_SHORTDATE_WITH_TIME; } -#line 4515 "ext/date/lib/parse_date.c" +#line 4518 "ext/date/lib/parse_date.c" yy224: YYDEBUG(224, *YYCURSOR); yyaccept = 7; @@ -5209,7 +5212,7 @@ yy278: YYDEBUG(278, *YYCURSOR); ++YYCURSOR; YYDEBUG(279, *YYCURSOR); -#line 1692 "ext/date/lib/parse_date.re" +#line 1695 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("dateshortwithtimeshort12 | dateshortwithtimelong12"); TIMELIB_INIT; @@ -5232,7 +5235,7 @@ yy278: TIMELIB_DEINIT; return TIMELIB_SHORTDATE_WITH_TIME; } -#line 5236 "ext/date/lib/parse_date.c" +#line 5239 "ext/date/lib/parse_date.c" yy280: YYDEBUG(280, *YYCURSOR); yych = *++YYCURSOR; @@ -5410,7 +5413,7 @@ yy294: ++YYCURSOR; yy295: YYDEBUG(295, *YYCURSOR); -#line 1386 "ext/date/lib/parse_date.re" +#line 1389 "ext/date/lib/parse_date.re" { int length = 0; DEBUG_OUTPUT("datenoday"); @@ -5423,7 +5426,7 @@ yy295: TIMELIB_DEINIT; return TIMELIB_DATE_NO_DAY; } -#line 5427 "ext/date/lib/parse_date.c" +#line 5430 "ext/date/lib/parse_date.c" yy296: YYDEBUG(296, *YYCURSOR); yych = *++YYCURSOR; @@ -6643,7 +6646,7 @@ yy362: if (yych <= '9') goto yy365; yy364: YYDEBUG(364, *YYCURSOR); -#line 1530 "ext/date/lib/parse_date.re" +#line 1533 "ext/date/lib/parse_date.re" { int length = 0; DEBUG_OUTPUT("pgtextshort"); @@ -6656,7 +6659,7 @@ yy364: TIMELIB_DEINIT; return TIMELIB_PG_TEXT; } -#line 6660 "ext/date/lib/parse_date.c" +#line 6663 "ext/date/lib/parse_date.c" yy365: YYDEBUG(365, *YYCURSOR); yych = *++YYCURSOR; @@ -7294,7 +7297,7 @@ yy392: } yy393: YYDEBUG(393, *YYCURSOR); -#line 1588 "ext/date/lib/parse_date.re" +#line 1591 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("ago"); TIMELIB_INIT; @@ -7314,7 +7317,7 @@ yy393: TIMELIB_DEINIT; return TIMELIB_AGO; } -#line 7318 "ext/date/lib/parse_date.c" +#line 7321 "ext/date/lib/parse_date.c" yy394: YYDEBUG(394, *YYCURSOR); yyaccept = 5; @@ -9064,7 +9067,7 @@ yy454: ++YYCURSOR; yy455: YYDEBUG(455, *YYCURSOR); -#line 1291 "ext/date/lib/parse_date.re" +#line 1294 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("iso8601date4 | iso8601date2 | iso8601dateslash | dateslash"); TIMELIB_INIT; @@ -9075,7 +9078,7 @@ yy455: TIMELIB_DEINIT; return TIMELIB_ISO_DATE; } -#line 9079 "ext/date/lib/parse_date.c" +#line 9082 "ext/date/lib/parse_date.c" yy456: YYDEBUG(456, *YYCURSOR); yyaccept = 0; @@ -9635,7 +9638,7 @@ yy475: } yy476: YYDEBUG(476, *YYCURSOR); -#line 1428 "ext/date/lib/parse_date.re" +#line 1431 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("datenoyearrev"); TIMELIB_INIT; @@ -9646,7 +9649,7 @@ yy476: TIMELIB_DEINIT; return TIMELIB_DATE_TEXT; } -#line 9650 "ext/date/lib/parse_date.c" +#line 9653 "ext/date/lib/parse_date.c" yy477: YYDEBUG(477, *YYCURSOR); yyaccept = 10; @@ -9787,7 +9790,7 @@ yy488: YYDEBUG(488, *YYCURSOR); ++YYCURSOR; YYDEBUG(489, *YYCURSOR); -#line 1146 "ext/date/lib/parse_date.re" +#line 1149 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("timetiny12 | timeshort12 | timelong12"); TIMELIB_INIT; @@ -9803,7 +9806,7 @@ yy488: TIMELIB_DEINIT; return TIMELIB_TIME12; } -#line 9807 "ext/date/lib/parse_date.c" +#line 9810 "ext/date/lib/parse_date.c" yy490: YYDEBUG(490, *YYCURSOR); yyaccept = 11; @@ -9816,7 +9819,7 @@ yy490: } yy491: YYDEBUG(491, *YYCURSOR); -#line 1183 "ext/date/lib/parse_date.re" +#line 1186 "ext/date/lib/parse_date.re" { int tz_not_found; DEBUG_OUTPUT("timeshort24 | timelong24 | iso8601long"); @@ -9841,7 +9844,7 @@ yy491: TIMELIB_DEINIT; return TIMELIB_TIME24_WITH_ZONE; } -#line 9845 "ext/date/lib/parse_date.c" +#line 9848 "ext/date/lib/parse_date.c" yy492: YYDEBUG(492, *YYCURSOR); yyaccept = 11; @@ -10151,7 +10154,7 @@ yy523: YYDEBUG(523, *YYCURSOR); ++YYCURSOR; YYDEBUG(524, *YYCURSOR); -#line 1163 "ext/date/lib/parse_date.re" +#line 1166 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("mssqltime"); TIMELIB_INIT; @@ -10170,7 +10173,7 @@ yy523: TIMELIB_DEINIT; return TIMELIB_TIME24_WITH_ZONE; } -#line 10174 "ext/date/lib/parse_date.c" +#line 10177 "ext/date/lib/parse_date.c" yy525: YYDEBUG(525, *YYCURSOR); yyaccept = 11; @@ -10276,7 +10279,7 @@ yy534: if (yych <= '9') goto yy541; yy535: YYDEBUG(535, *YYCURSOR); -#line 1345 "ext/date/lib/parse_date.re" +#line 1348 "ext/date/lib/parse_date.re" { int length = 0; DEBUG_OUTPUT("datefull"); @@ -10290,7 +10293,7 @@ yy535: TIMELIB_DEINIT; return TIMELIB_DATE_FULL; } -#line 10294 "ext/date/lib/parse_date.c" +#line 10297 "ext/date/lib/parse_date.c" yy536: YYDEBUG(536, *YYCURSOR); yych = *++YYCURSOR; @@ -11027,7 +11030,7 @@ yy605: YYDEBUG(606, *YYCURSOR); ++YYCURSOR; YYDEBUG(607, *YYCURSOR); -#line 1360 "ext/date/lib/parse_date.re" +#line 1363 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("pointed date YYYY"); TIMELIB_INIT; @@ -11038,7 +11041,7 @@ yy605: TIMELIB_DEINIT; return TIMELIB_DATE_FULL_POINTED; } -#line 11042 "ext/date/lib/parse_date.c" +#line 11045 "ext/date/lib/parse_date.c" yy608: YYDEBUG(608, *YYCURSOR); yyaccept = 11; @@ -11074,7 +11077,7 @@ yy611: if (yych <= '9') goto yy605; yy612: YYDEBUG(612, *YYCURSOR); -#line 1372 "ext/date/lib/parse_date.re" +#line 1375 "ext/date/lib/parse_date.re" { int length = 0; DEBUG_OUTPUT("pointed date YY"); @@ -11087,7 +11090,7 @@ yy612: TIMELIB_DEINIT; return TIMELIB_DATE_FULL_POINTED; } -#line 11091 "ext/date/lib/parse_date.c" +#line 11094 "ext/date/lib/parse_date.c" yy613: YYDEBUG(613, *YYCURSOR); yyaccept = 11; @@ -11728,7 +11731,7 @@ yy656: } yy657: YYDEBUG(657, *YYCURSOR); -#line 1331 "ext/date/lib/parse_date.re" +#line 1334 "ext/date/lib/parse_date.re" { int length = 0; DEBUG_OUTPUT("gnudateshort"); @@ -11741,7 +11744,7 @@ yy657: TIMELIB_DEINIT; return TIMELIB_ISO_DATE; } -#line 11745 "ext/date/lib/parse_date.c" +#line 11748 "ext/date/lib/parse_date.c" yy658: YYDEBUG(658, *YYCURSOR); yyaccept = 13; @@ -11847,7 +11850,7 @@ yy666: } yy667: YYDEBUG(667, *YYCURSOR); -#line 1275 "ext/date/lib/parse_date.re" +#line 1278 "ext/date/lib/parse_date.re" { int length = 0; DEBUG_OUTPUT("americanshort | american"); @@ -11862,7 +11865,7 @@ yy667: TIMELIB_DEINIT; return TIMELIB_AMERICAN; } -#line 11866 "ext/date/lib/parse_date.c" +#line 11869 "ext/date/lib/parse_date.c" yy668: YYDEBUG(668, *YYCURSOR); yyaccept = 14; @@ -12095,7 +12098,7 @@ yy700: if (yych <= ':') goto yy704; yy701: YYDEBUG(701, *YYCURSOR); -#line 1558 "ext/date/lib/parse_date.re" +#line 1561 "ext/date/lib/parse_date.re" { int tz_not_found; DEBUG_OUTPUT("clf"); @@ -12115,7 +12118,7 @@ yy701: TIMELIB_DEINIT; return TIMELIB_CLF; } -#line 12119 "ext/date/lib/parse_date.c" +#line 12122 "ext/date/lib/parse_date.c" yy702: YYDEBUG(702, *YYCURSOR); yych = *++YYCURSOR; @@ -12667,7 +12670,7 @@ yy763: } yy764: YYDEBUG(764, *YYCURSOR); -#line 1303 "ext/date/lib/parse_date.re" +#line 1306 "ext/date/lib/parse_date.re" { int length = 0; DEBUG_OUTPUT("iso8601date2"); @@ -12680,7 +12683,7 @@ yy764: TIMELIB_DEINIT; return TIMELIB_ISO_DATE; } -#line 12684 "ext/date/lib/parse_date.c" +#line 12687 "ext/date/lib/parse_date.c" yy765: YYDEBUG(765, *YYCURSOR); yych = *++YYCURSOR; @@ -12719,7 +12722,7 @@ yy771: YYDEBUG(771, *YYCURSOR); ++YYCURSOR; YYDEBUG(772, *YYCURSOR); -#line 1544 "ext/date/lib/parse_date.re" +#line 1547 "ext/date/lib/parse_date.re" { int length = 0; DEBUG_OUTPUT("pgtextreverse"); @@ -12732,7 +12735,7 @@ yy771: TIMELIB_DEINIT; return TIMELIB_PG_TEXT; } -#line 12736 "ext/date/lib/parse_date.c" +#line 12739 "ext/date/lib/parse_date.c" yy773: YYDEBUG(773, *YYCURSOR); yych = *++YYCURSOR; @@ -12870,7 +12873,7 @@ yy783: } yy784: YYDEBUG(784, *YYCURSOR); -#line 1579 "ext/date/lib/parse_date.re" +#line 1582 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("year4"); TIMELIB_INIT; @@ -12878,7 +12881,7 @@ yy784: TIMELIB_DEINIT; return TIMELIB_CLF; } -#line 12882 "ext/date/lib/parse_date.c" +#line 12885 "ext/date/lib/parse_date.c" yy785: YYDEBUG(785, *YYCURSOR); yych = *++YYCURSOR; @@ -13029,7 +13032,7 @@ yy793: } yy794: YYDEBUG(794, *YYCURSOR); -#line 1400 "ext/date/lib/parse_date.re" +#line 1403 "ext/date/lib/parse_date.re" { int length = 0; DEBUG_OUTPUT("datenodayrev"); @@ -13042,7 +13045,7 @@ yy794: TIMELIB_DEINIT; return TIMELIB_DATE_NO_DAY; } -#line 13046 "ext/date/lib/parse_date.c" +#line 13049 "ext/date/lib/parse_date.c" yy795: YYDEBUG(795, *YYCURSOR); yych = *++YYCURSOR; @@ -13257,7 +13260,7 @@ yy814: if (yych <= '7') goto yy817; yy815: YYDEBUG(815, *YYCURSOR); -#line 1511 "ext/date/lib/parse_date.re" +#line 1514 "ext/date/lib/parse_date.re" { timelib_sll w, d; DEBUG_OUTPUT("isoweek"); @@ -13275,7 +13278,7 @@ yy815: TIMELIB_DEINIT; return TIMELIB_ISO_WEEK; } -#line 13279 "ext/date/lib/parse_date.c" +#line 13282 "ext/date/lib/parse_date.c" yy816: YYDEBUG(816, *YYCURSOR); yych = *++YYCURSOR; @@ -13285,7 +13288,7 @@ yy817: YYDEBUG(817, *YYCURSOR); ++YYCURSOR; YYDEBUG(818, *YYCURSOR); -#line 1492 "ext/date/lib/parse_date.re" +#line 1495 "ext/date/lib/parse_date.re" { timelib_sll w, d; DEBUG_OUTPUT("isoweekday"); @@ -13303,7 +13306,7 @@ yy817: TIMELIB_DEINIT; return TIMELIB_ISO_WEEK; } -#line 13307 "ext/date/lib/parse_date.c" +#line 13310 "ext/date/lib/parse_date.c" yy819: YYDEBUG(819, *YYCURSOR); yych = *++YYCURSOR; @@ -13367,7 +13370,7 @@ yy821: } yy822: YYDEBUG(822, *YYCURSOR); -#line 1478 "ext/date/lib/parse_date.re" +#line 1481 "ext/date/lib/parse_date.re" { int length = 0; DEBUG_OUTPUT("pgydotd"); @@ -13380,7 +13383,7 @@ yy822: TIMELIB_DEINIT; return TIMELIB_PG_YEARDAY; } -#line 13384 "ext/date/lib/parse_date.c" +#line 13387 "ext/date/lib/parse_date.c" yy823: YYDEBUG(823, *YYCURSOR); yych = *++YYCURSOR; @@ -13483,7 +13486,7 @@ yy842: ++YYCURSOR; yy843: YYDEBUG(843, *YYCURSOR); -#line 1452 "ext/date/lib/parse_date.re" +#line 1455 "ext/date/lib/parse_date.re" { int tz_not_found; DEBUG_OUTPUT("xmlrpc | xmlrpcnocolon | soap | wddx | exif"); @@ -13508,7 +13511,7 @@ yy843: TIMELIB_DEINIT; return TIMELIB_XMLRPC_SOAP; } -#line 13512 "ext/date/lib/parse_date.c" +#line 13515 "ext/date/lib/parse_date.c" yy844: YYDEBUG(844, *YYCURSOR); yych = *++YYCURSOR; @@ -13770,7 +13773,7 @@ yy848: } yy849: YYDEBUG(849, *YYCURSOR); -#line 1440 "ext/date/lib/parse_date.re" +#line 1443 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("datenocolon"); TIMELIB_INIT; @@ -13781,7 +13784,7 @@ yy849: TIMELIB_DEINIT; return TIMELIB_DATE_NOCOLON; } -#line 13785 "ext/date/lib/parse_date.c" +#line 13788 "ext/date/lib/parse_date.c" yy850: YYDEBUG(850, *YYCURSOR); yych = *++YYCURSOR; @@ -14701,7 +14704,7 @@ yy973: if (yych <= '9') goto yy996; yy974: YYDEBUG(974, *YYCURSOR); -#line 1317 "ext/date/lib/parse_date.re" +#line 1320 "ext/date/lib/parse_date.re" { int length = 0; DEBUG_OUTPUT("gnudateshorter"); @@ -14714,7 +14717,7 @@ yy974: TIMELIB_DEINIT; return TIMELIB_ISO_DATE; } -#line 14718 "ext/date/lib/parse_date.c" +#line 14721 "ext/date/lib/parse_date.c" yy975: YYDEBUG(975, *YYCURSOR); yyaccept = 22; @@ -15723,7 +15726,7 @@ yy1066: } yy1068: YYDEBUG(1068, *YYCURSOR); -#line 1209 "ext/date/lib/parse_date.re" +#line 1212 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("gnunocolon"); TIMELIB_INIT; @@ -15745,7 +15748,7 @@ yy1068: TIMELIB_DEINIT; return TIMELIB_GNU_NOCOLON; } -#line 15749 "ext/date/lib/parse_date.c" +#line 15752 "ext/date/lib/parse_date.c" yy1069: YYDEBUG(1069, *YYCURSOR); yych = *++YYCURSOR; @@ -15837,7 +15840,7 @@ yy1075: } yy1076: YYDEBUG(1076, *YYCURSOR); -#line 1255 "ext/date/lib/parse_date.re" +#line 1258 "ext/date/lib/parse_date.re" { int tz_not_found; DEBUG_OUTPUT("iso8601nocolon"); @@ -15856,7 +15859,7 @@ yy1076: TIMELIB_DEINIT; return TIMELIB_ISO_NOCOLON; } -#line 15860 "ext/date/lib/parse_date.c" +#line 15863 "ext/date/lib/parse_date.c" yy1077: YYDEBUG(1077, *YYCURSOR); yyaccept = 25; @@ -16754,7 +16757,7 @@ yy1117: } yy1118: YYDEBUG(1118, *YYCURSOR); -#line 1651 "ext/date/lib/parse_date.re" +#line 1654 "ext/date/lib/parse_date.re" { timelib_sll i; int behavior = 0; @@ -16770,7 +16773,7 @@ yy1118: TIMELIB_DEINIT; return TIMELIB_RELATIVE; } -#line 16774 "ext/date/lib/parse_date.c" +#line 16777 "ext/date/lib/parse_date.c" yy1119: YYDEBUG(1119, *YYCURSOR); ++YYCURSOR; @@ -16821,7 +16824,7 @@ yy1126: YYDEBUG(1126, *YYCURSOR); ++YYCURSOR; YYDEBUG(1127, *YYCURSOR); -#line 1124 "ext/date/lib/parse_date.re" +#line 1127 "ext/date/lib/parse_date.re" { timelib_sll i; int behavior = 0; @@ -16842,7 +16845,7 @@ yy1126: TIMELIB_DEINIT; return TIMELIB_WEEK_DAY_OF_MONTH; } -#line 16846 "ext/date/lib/parse_date.c" +#line 16849 "ext/date/lib/parse_date.c" yy1128: YYDEBUG(1128, *YYCURSOR); yyaccept = 26; @@ -16950,7 +16953,7 @@ yy1141: } yy1142: YYDEBUG(1142, *YYCURSOR); -#line 1627 "ext/date/lib/parse_date.re" +#line 1630 "ext/date/lib/parse_date.re" { timelib_sll i; int behavior = 0; @@ -16973,7 +16976,7 @@ yy1142: TIMELIB_DEINIT; return TIMELIB_RELATIVE; } -#line 16977 "ext/date/lib/parse_date.c" +#line 16980 "ext/date/lib/parse_date.c" yy1143: YYDEBUG(1143, *YYCURSOR); yych = *++YYCURSOR; @@ -19650,7 +19653,7 @@ yy1294: goto yy1298; yy1295: YYDEBUG(1295, *YYCURSOR); -#line 1101 "ext/date/lib/parse_date.re" +#line 1104 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("backof | frontof"); TIMELIB_INIT; @@ -19672,7 +19675,7 @@ yy1295: TIMELIB_DEINIT; return TIMELIB_LF_DAY_OF_MONTH; } -#line 19676 "ext/date/lib/parse_date.c" +#line 19679 "ext/date/lib/parse_date.c" yy1296: YYDEBUG(1296, *YYCURSOR); yyaccept = 28; @@ -21363,7 +21366,7 @@ yy1385: if (yych <= '9') goto yy1385; yy1387: YYDEBUG(1387, *YYCURSOR); -#line 1058 "ext/date/lib/parse_date.re" +#line 1061 "ext/date/lib/parse_date.re" { timelib_ull i; @@ -21388,7 +21391,7 @@ yy1387: TIMELIB_DEINIT; return TIMELIB_RELATIVE; } -#line 21392 "ext/date/lib/parse_date.c" +#line 21395 "ext/date/lib/parse_date.c" yy1388: YYDEBUG(1388, *YYCURSOR); yych = *++YYCURSOR; @@ -21824,7 +21827,7 @@ yy1416: ++YYCURSOR; yy1417: YYDEBUG(1417, *YYCURSOR); -#line 1046 "ext/date/lib/parse_date.re" +#line 1049 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("tomorrow"); TIMELIB_INIT; @@ -21835,7 +21838,7 @@ yy1417: TIMELIB_DEINIT; return TIMELIB_RELATIVE; } -#line 21839 "ext/date/lib/parse_date.c" +#line 21842 "ext/date/lib/parse_date.c" yy1418: YYDEBUG(1418, *YYCURSOR); yych = *++YYCURSOR; @@ -21870,7 +21873,7 @@ yy1419: } yy1420: YYDEBUG(1420, *YYCURSOR); -#line 1036 "ext/date/lib/parse_date.re" +#line 1039 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("midnight | today"); TIMELIB_INIT; @@ -21879,7 +21882,7 @@ yy1420: TIMELIB_DEINIT; return TIMELIB_RELATIVE; } -#line 21883 "ext/date/lib/parse_date.c" +#line 21886 "ext/date/lib/parse_date.c" yy1421: YYDEBUG(1421, *YYCURSOR); yych = *++YYCURSOR; @@ -23891,7 +23894,7 @@ yy1499: } yy1500: YYDEBUG(1500, *YYCURSOR); -#line 1015 "ext/date/lib/parse_date.re" +#line 1018 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("now"); TIMELIB_INIT; @@ -23899,7 +23902,7 @@ yy1500: TIMELIB_DEINIT; return TIMELIB_RELATIVE; } -#line 23903 "ext/date/lib/parse_date.c" +#line 23906 "ext/date/lib/parse_date.c" yy1501: YYDEBUG(1501, *YYCURSOR); yych = *++YYCURSOR; @@ -24038,7 +24041,7 @@ yy1507: } yy1508: YYDEBUG(1508, *YYCURSOR); -#line 1024 "ext/date/lib/parse_date.re" +#line 1027 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("noon"); TIMELIB_INIT; @@ -24049,7 +24052,7 @@ yy1508: TIMELIB_DEINIT; return TIMELIB_RELATIVE; } -#line 24053 "ext/date/lib/parse_date.c" +#line 24056 "ext/date/lib/parse_date.c" yy1509: YYDEBUG(1509, *YYCURSOR); yyaccept = 0; @@ -24582,7 +24585,7 @@ yy1530: ++YYCURSOR; yy1531: YYDEBUG(1531, *YYCURSOR); -#line 1003 "ext/date/lib/parse_date.re" +#line 1006 "ext/date/lib/parse_date.re" { DEBUG_OUTPUT("yesterday"); TIMELIB_INIT; @@ -24593,7 +24596,7 @@ yy1531: TIMELIB_DEINIT; return TIMELIB_RELATIVE; } -#line 24597 "ext/date/lib/parse_date.c" +#line 24600 "ext/date/lib/parse_date.c" yy1532: YYDEBUG(1532, *YYCURSOR); yyaccept = 0; @@ -24766,7 +24769,7 @@ yy1537: goto yy1531; } } -#line 1777 "ext/date/lib/parse_date.re" +#line 1780 "ext/date/lib/parse_date.re" } diff --git a/ext/date/lib/parse_date.re b/ext/date/lib/parse_date.re index 5b923d4bc4..dad5bb4b25 100644 --- a/ext/date/lib/parse_date.re +++ b/ext/date/lib/parse_date.re @@ -401,9 +401,12 @@ static timelib_sll timelib_meridian_with_check(char **ptr, timelib_sll h) { timelib_sll retval = 0; - while (!strchr("AaPp", **ptr)) { + while (**ptr && !strchr("AaPp", **ptr)) { ++*ptr; } + if(!**ptr) { + return TIMELIB_UNSET; + } if (**ptr == 'a' || **ptr == 'A') { if (h == 12) { retval = -12; diff --git a/ext/date/tests/bug67253.phpt b/ext/date/tests/bug67253.phpt new file mode 100644 index 0000000000..b28cbe63c1 --- /dev/null +++ b/ext/date/tests/bug67253.phpt @@ -0,0 +1,44 @@ +--TEST-- +Bug #67253 (timelib_meridian_with_check out-of-bounds read) +--INI-- +date.timezone=Europe/Berlin +--FILE-- +<?php +$z = ''; +var_dump(date_parse_from_format("aHa0", "0=G{$z}9UCNnF")); +--EXPECT-- +array(12) { + ["year"]=> + bool(false) + ["month"]=> + bool(false) + ["day"]=> + bool(false) + ["hour"]=> + int(0) + ["minute"]=> + int(0) + ["second"]=> + int(0) + ["fraction"]=> + bool(false) + ["warning_count"]=> + int(0) + ["warnings"]=> + array(0) { + } + ["error_count"]=> + int(3) + ["errors"]=> + array(3) { + [0]=> + string(51) "Meridian can only come after an hour has been found" + [1]=> + string(29) "A meridian could not be found" + [9]=> + string(12) "Data missing" + } + ["is_localtime"]=> + bool(false) +} + diff --git a/ext/standard/tests/strings/bug67252.phpt b/ext/standard/tests/strings/bug67252.phpt new file mode 100644 index 0000000000..80a6ebcf1c --- /dev/null +++ b/ext/standard/tests/strings/bug67252.phpt @@ -0,0 +1,13 @@ +--TEST-- +Bug #67252 (convert_uudecode out-of-bounds read) +--FILE-- +<?php + +$a = "M86%A86%A86%A86%A86%A86%A86%A86%A86%A86%A86%A86%A86%A86%A86%A"."\n"."a."; +var_dump(convert_uudecode($a)); + +?> +--EXPECTF-- + +Warning: convert_uudecode(): The given parameter is not a valid uuencoded string in %s on line %d +bool(false) diff --git a/ext/standard/uuencode.c b/ext/standard/uuencode.c index 52e892ed9e..8544aef9f0 100644 --- a/ext/standard/uuencode.c +++ b/ext/standard/uuencode.c @@ -151,6 +151,9 @@ PHPAPI int php_uudecode(char *src, int src_len, char **dest) /* {{{ */ } while (s < ee) { + if(s+4 > e) { + goto err; + } *p++ = PHP_UU_DEC(*s) << 2 | PHP_UU_DEC(*(s + 1)) >> 4; *p++ = PHP_UU_DEC(*(s + 1)) << 4 | PHP_UU_DEC(*(s + 2)) >> 2; *p++ = PHP_UU_DEC(*(s + 2)) << 6 | PHP_UU_DEC(*(s + 3)); |