diff options
author | Xinchen Hui <laruence@gmail.com> | 2020-02-10 13:01:51 +0800 |
---|---|---|
committer | Xinchen Hui <laruence@gmail.com> | 2020-02-10 13:01:51 +0800 |
commit | 6295ff77b780705d132b15990c2904d2fe596e57 (patch) | |
tree | 44f1e68cbcbc7a6b1d01ca5d55ba29cd76522754 | |
parent | 01eab11cee751bf64364a0b778e05c9018abb75a (diff) | |
download | php-git-6295ff77b780705d132b15990c2904d2fe596e57.tar.gz |
Fixed bug #79244 (php crashes during parsing INI file). (Laruence)
Cherry-picked the fix(not sure why this wasn't merged to 7.4) for:
Fixed bug #77589 (Core dump using parse_ini_string with numeric sections)
Section name should not be typed(NULL, FALSE, TRUE etc)
Conflicts:
Zend/zend_ini_scanner.c
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | Zend/tests/bug77589.phpt | 40 | ||||
-rw-r--r-- | Zend/zend_ini_scanner.l | 15 |
3 files changed, 51 insertions, 7 deletions
@@ -3,6 +3,9 @@ PHP NEWS ?? ??? ????, PHP 7.4.4 +- Core: + . Fixed bug #79244 (php crashes during parsing INI file). (Laruence) + - COM: . Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location). (cmb) diff --git a/Zend/tests/bug77589.phpt b/Zend/tests/bug77589.phpt new file mode 100644 index 0000000000..ad07ee1351 --- /dev/null +++ b/Zend/tests/bug77589.phpt @@ -0,0 +1,40 @@ +--TEST-- +BUG #77589 (Core dump using parse_ini_string with numeric sections) +--FILE-- +<?php +var_dump( + parse_ini_string(<<<INI +[0] +a = 1 +b = on +c = true + +["true"] +a = 100 +b = null +c = yes +INI +, TRUE, INI_SCANNER_TYPED)); + +?> +--EXPECT-- +array(2) { + [0]=> + array(3) { + ["a"]=> + int(1) + ["b"]=> + bool(true) + ["c"]=> + bool(true) + } + ["true"]=> + array(3) { + ["a"]=> + int(100) + ["b"]=> + NULL + ["c"]=> + bool(true) + } +} diff --git a/Zend/zend_ini_scanner.l b/Zend/zend_ini_scanner.l index f71f0b9193..1f4bc34742 100644 --- a/Zend/zend_ini_scanner.l +++ b/Zend/zend_ini_scanner.l @@ -141,13 +141,14 @@ ZEND_API zend_ini_scanner_globals ini_scanner_globals; ZVAL_NEW_STR(retval, zend_string_init(str, len, ZEND_SYSTEM_INI)) -#define RETURN_TOKEN(type, str, len) { \ - if (SCNG(scanner_mode) == ZEND_INI_SCANNER_TYPED) { \ - zend_ini_copy_typed_value(ini_lval, type, str, len); \ - } else { \ - zend_ini_copy_value(ini_lval, str, len); \ - } \ - return type; \ +#define RETURN_TOKEN(type, str, len) { \ + if (SCNG(scanner_mode) == ZEND_INI_SCANNER_TYPED && \ + (YYSTATE == STATE(ST_VALUE) || YYSTATE == STATE(ST_RAW))) {\ + zend_ini_copy_typed_value(ini_lval, type, str, len); \ + } else { \ + zend_ini_copy_value(ini_lval, str, len); \ + } \ + return type; \ } static inline int convert_to_number(zval *retval, const char *str, const int str_len) |