Fixed bug #41596 (Fixed a crash inside pdo_pgsql on some non-well-formed

SQL queries).

1 files changed, 26 insertions, 21 deletions

diff --git a/ext/pdo/pdo_sql_parser.c b/ext/pdo/pdo_sql_parser.c
index 2a8066a0da..83bc840d38 100644
--- a/ext/pdo/pdo_sql_parser.c
+++ b/ext/pdo/pdo_sql_parser.c
@@ -1,4 +1,4 @@
-/* Generated by re2c 0.11.0 on Mon Mar  5 19:42:28 2007 */
+/* Generated by re2c 0.11.0 on Tue Jun  5 18:45:24 2007 */
 #line 1 "ext/pdo/pdo_sql_parser.re"
 /*
   +----------------------------------------------------------------------+
@@ -30,6 +30,7 @@
 #define PDO_PARSER_EOI 4
 
 #define RET(i) {s->cur = cursor; return i; }
+#define SKIP_ONE(i) {s->cur = s->tok + 1; return 1; }
 
 #define YYCTYPE         unsigned char
 #define YYCURSOR        cursor
@@ -46,7 +47,7 @@ static int scan(Scanner *s)
 	char *cursor = s->cur;
 
 	s->tok = cursor;
-	#line 54 "ext/pdo/pdo_sql_parser.re"
+	#line 55 "ext/pdo/pdo_sql_parser.re"
 
 
 	{
@@ -85,7 +86,7 @@ static int scan(Scanner *s)
 		200, 200, 200, 200, 200, 200, 200, 200, 
 	};
 
-#line 89 "ext/pdo/pdo_sql_parser.c"
+#line 90 "ext/pdo/pdo_sql_parser.c"
 	{
 		YYCTYPE yych;
 
@@ -103,9 +104,9 @@ yy2:
 		yych = *++YYCURSOR;
 		goto yy24;
 yy3:
-#line 62 "ext/pdo/pdo_sql_parser.re"
-		{ RET(PDO_PARSER_TEXT); }
-#line 109 "ext/pdo/pdo_sql_parser.c"
+#line 63 "ext/pdo/pdo_sql_parser.re"
+		{ SKIP_ONE(PDO_PARSER_TEXT); }
+#line 110 "ext/pdo/pdo_sql_parser.c"
 yy4:
 		yych = *++YYCURSOR;
 		goto yy20;
@@ -122,9 +123,9 @@ yy6:
 		if(yybm[0+(yych = *YYCURSOR)] & 16) {
 			goto yy13;
 		}
-#line 61 "ext/pdo/pdo_sql_parser.re"
+#line 62 "ext/pdo/pdo_sql_parser.re"
 		{ RET(PDO_PARSER_BIND_POS); }
-#line 128 "ext/pdo/pdo_sql_parser.c"
+#line 129 "ext/pdo/pdo_sql_parser.c"
 yy8:
 		++YYCURSOR;
 		if(YYLIMIT == YYCURSOR) YYFILL(1);
@@ -132,14 +133,14 @@ yy8:
 		if(yybm[0+yych] & 8) {
 			goto yy8;
 		}
-#line 63 "ext/pdo/pdo_sql_parser.re"
+#line 64 "ext/pdo/pdo_sql_parser.re"
 		{ RET(PDO_PARSER_TEXT); }
-#line 138 "ext/pdo/pdo_sql_parser.c"
+#line 139 "ext/pdo/pdo_sql_parser.c"
 yy11:
 		++YYCURSOR;
-#line 64 "ext/pdo/pdo_sql_parser.re"
+#line 65 "ext/pdo/pdo_sql_parser.re"
 		{ RET(PDO_PARSER_EOI); }
-#line 143 "ext/pdo/pdo_sql_parser.c"
+#line 144 "ext/pdo/pdo_sql_parser.c"
 yy13:
 		++YYCURSOR;
 		if(YYLIMIT == YYCURSOR) YYFILL(1);
@@ -147,9 +148,9 @@ yy13:
 		if(yybm[0+yych] & 16) {
 			goto yy13;
 		}
-#line 59 "ext/pdo/pdo_sql_parser.re"
+#line 60 "ext/pdo/pdo_sql_parser.re"
 		{ RET(PDO_PARSER_TEXT); }
-#line 153 "ext/pdo/pdo_sql_parser.c"
+#line 154 "ext/pdo/pdo_sql_parser.c"
 yy16:
 		++YYCURSOR;
 		if(YYLIMIT == YYCURSOR) YYFILL(1);
@@ -157,9 +158,9 @@ yy16:
 		if(yybm[0+yych] & 32) {
 			goto yy16;
 		}
-#line 60 "ext/pdo/pdo_sql_parser.re"
+#line 61 "ext/pdo/pdo_sql_parser.re"
 		{ RET(PDO_PARSER_BIND); }
-#line 163 "ext/pdo/pdo_sql_parser.c"
+#line 164 "ext/pdo/pdo_sql_parser.c"
 yy19:
 		++YYCURSOR;
 		if(YYLIMIT == YYCURSOR) YYFILL(1);
@@ -169,9 +170,9 @@ yy20:
 			goto yy19;
 		}
 		++YYCURSOR;
-#line 58 "ext/pdo/pdo_sql_parser.re"
+#line 59 "ext/pdo/pdo_sql_parser.re"
 		{ RET(PDO_PARSER_TEXT); }
-#line 175 "ext/pdo/pdo_sql_parser.c"
+#line 176 "ext/pdo/pdo_sql_parser.c"
 yy23:
 		++YYCURSOR;
 		if(YYLIMIT == YYCURSOR) YYFILL(1);
@@ -181,12 +182,12 @@ yy24:
 			goto yy23;
 		}
 		++YYCURSOR;
-#line 57 "ext/pdo/pdo_sql_parser.re"
+#line 58 "ext/pdo/pdo_sql_parser.re"
 		{ RET(PDO_PARSER_TEXT); }
-#line 187 "ext/pdo/pdo_sql_parser.c"
+#line 188 "ext/pdo/pdo_sql_parser.c"
 	}
 }
-#line 65 "ext/pdo/pdo_sql_parser.re"
+#line 66 "ext/pdo/pdo_sql_parser.re"
 	
 }
 
@@ -221,6 +222,10 @@ PDO_API int pdo_parse_params(pdo_stmt_t *stmt, char *inquery, int inquery_len,
 	while((t = scan(&s)) != PDO_PARSER_EOI) {
 		if (t == PDO_PARSER_BIND || t == PDO_PARSER_BIND_POS) {
 			if (t == PDO_PARSER_BIND) {
+				int len = s.cur - s.tok;
+				if ((inquery < (s.cur - len)) && isalnum(*(s.cur - len - 1))) {
+					continue;
+				}
 				query_type |= PDO_PLACEHOLDER_NAMED;
 			} else {
 				query_type |= PDO_PLACEHOLDER_POSITIONAL;