summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorXinchen Hui <laruence@gmail.com>2020-02-10 13:01:51 +0800
committerXinchen Hui <laruence@gmail.com>2020-02-10 13:01:51 +0800
commit6295ff77b780705d132b15990c2904d2fe596e57 (patch)
tree44f1e68cbcbc7a6b1d01ca5d55ba29cd76522754
parent01eab11cee751bf64364a0b778e05c9018abb75a (diff)
downloadphp-git-6295ff77b780705d132b15990c2904d2fe596e57.tar.gz
Fixed bug #79244 (php crashes during parsing INI file). (Laruence)
Cherry-picked the fix(not sure why this wasn't merged to 7.4) for: Fixed bug #77589 (Core dump using parse_ini_string with numeric sections) Section name should not be typed(NULL, FALSE, TRUE etc) Conflicts: Zend/zend_ini_scanner.c
-rw-r--r--NEWS3
-rw-r--r--Zend/tests/bug77589.phpt40
-rw-r--r--Zend/zend_ini_scanner.l15
3 files changed, 51 insertions, 7 deletions
diff --git a/NEWS b/NEWS
index bb58aa35c0..44c659ea93 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,9 @@ PHP NEWS
?? ??? ????, PHP 7.4.4
+- Core:
+ . Fixed bug #79244 (php crashes during parsing INI file). (Laruence)
+
- COM:
. Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location).
(cmb)
diff --git a/Zend/tests/bug77589.phpt b/Zend/tests/bug77589.phpt
new file mode 100644
index 0000000000..ad07ee1351
--- /dev/null
+++ b/Zend/tests/bug77589.phpt
@@ -0,0 +1,40 @@
+--TEST--
+BUG #77589 (Core dump using parse_ini_string with numeric sections)
+--FILE--
+<?php
+var_dump(
+ parse_ini_string(<<<INI
+[0]
+a = 1
+b = on
+c = true
+
+["true"]
+a = 100
+b = null
+c = yes
+INI
+, TRUE, INI_SCANNER_TYPED));
+
+?>
+--EXPECT--
+array(2) {
+ [0]=>
+ array(3) {
+ ["a"]=>
+ int(1)
+ ["b"]=>
+ bool(true)
+ ["c"]=>
+ bool(true)
+ }
+ ["true"]=>
+ array(3) {
+ ["a"]=>
+ int(100)
+ ["b"]=>
+ NULL
+ ["c"]=>
+ bool(true)
+ }
+}
diff --git a/Zend/zend_ini_scanner.l b/Zend/zend_ini_scanner.l
index f71f0b9193..1f4bc34742 100644
--- a/Zend/zend_ini_scanner.l
+++ b/Zend/zend_ini_scanner.l
@@ -141,13 +141,14 @@ ZEND_API zend_ini_scanner_globals ini_scanner_globals;
ZVAL_NEW_STR(retval, zend_string_init(str, len, ZEND_SYSTEM_INI))
-#define RETURN_TOKEN(type, str, len) { \
- if (SCNG(scanner_mode) == ZEND_INI_SCANNER_TYPED) { \
- zend_ini_copy_typed_value(ini_lval, type, str, len); \
- } else { \
- zend_ini_copy_value(ini_lval, str, len); \
- } \
- return type; \
+#define RETURN_TOKEN(type, str, len) { \
+ if (SCNG(scanner_mode) == ZEND_INI_SCANNER_TYPED && \
+ (YYSTATE == STATE(ST_VALUE) || YYSTATE == STATE(ST_RAW))) {\
+ zend_ini_copy_typed_value(ini_lval, type, str, len); \
+ } else { \
+ zend_ini_copy_value(ini_lval, str, len); \
+ } \
+ return type; \
}
static inline int convert_to_number(zval *retval, const char *str, const int str_len)