diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-11-30 12:32:45 +0100 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-11-30 12:33:13 +0100 |
commit | 666833b238759e4f08bfa138f61c8038efb738b5 (patch) | |
tree | 3c67f426cb066d8c95e6d8520e58d2243de51d34 /sapi | |
parent | d5a82e2c4eebe8337ff7790db46d812af2fbcec9 (diff) | |
parent | 5e15c9c41f8318a8392c2e2c78544f218736549c (diff) | |
download | php-git-666833b238759e4f08bfa138f61c8038efb738b5.tar.gz |
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
Fix #76813: Access violation near NULL on source operand
Diffstat (limited to 'sapi')
-rw-r--r-- | sapi/phpdbg/phpdbg_lexer.l | 6 | ||||
-rw-r--r-- | sapi/phpdbg/phpdbg_parser.y | 8 | ||||
-rw-r--r-- | sapi/phpdbg/tests/bug76813.phpt | 10 |
3 files changed, 21 insertions, 3 deletions
diff --git a/sapi/phpdbg/phpdbg_lexer.l b/sapi/phpdbg/phpdbg_lexer.l index 422cda4f2c..e57702ba0b 100644 --- a/sapi/phpdbg/phpdbg_lexer.l +++ b/sapi/phpdbg/phpdbg_lexer.l @@ -33,7 +33,7 @@ void phpdbg_init_lexer (phpdbg_param_t *stack, char *input) { YYSETCONDITION(INITIAL); - LEX(text) = YYCURSOR = (unsigned char *) input; + LEX(text) = YYCURSOR = YYMARKER = (unsigned char *) input; LEX(len) = strlen(input); } @@ -165,6 +165,10 @@ INPUT ("\\"[#"']|["]("\\\\"|"\\"["]|[^\n\000"])+["]|[']("\\"[']|"\\\\"|[^\ return T_ID; } +<NORMAL>* { + return T_UNEXPECTED; +} + <RAW>{INPUT} { phpdbg_init_param(yylval, STR_PARAM); yylval->str = estrdup(yytext); diff --git a/sapi/phpdbg/phpdbg_parser.y b/sapi/phpdbg/phpdbg_parser.y index f776586810..cdfe92570e 100644 --- a/sapi/phpdbg/phpdbg_parser.y +++ b/sapi/phpdbg/phpdbg_parser.y @@ -63,11 +63,15 @@ ZEND_EXTERN_MODULE_GLOBALS(phpdbg) %% /* Rules */ input - : command { $$ = $1; } - | input T_SEPARATOR command { phpdbg_stack_separate($1.top); $$ = $3; } + : non_empty_input { $$ = $1; } | %empty ; +non_empty_input + : command { $$ = $1; } + | non_empty_input T_SEPARATOR command { phpdbg_stack_separate($1.top); $$ = $3; } + ; + command : parameters { $$.top = PHPDBG_G(parser_stack)->top; } | full_expression { phpdbg_stack_push(PHPDBG_G(parser_stack), &$1); $$.top = PHPDBG_G(parser_stack)->top; } diff --git a/sapi/phpdbg/tests/bug76813.phpt b/sapi/phpdbg/tests/bug76813.phpt new file mode 100644 index 0000000000..61e5e3fea6 --- /dev/null +++ b/sapi/phpdbg/tests/bug76813.phpt @@ -0,0 +1,10 @@ +--TEST-- +Bug #76813 (Access_violation_near_NULL_on_source_operand) +--PHPDBG-- +"#!==)===\377\377\276\242=" +#!==)===\377\377\276\242= +--EXPECT-- +prompt> [Parse Error: syntax error, unexpected input, expecting $end] +prompt> [Parse Error: syntax error, unexpected # (pound sign), expecting $end] +prompt> [Parse Error: syntax error, unexpected # (pound sign), expecting $end] +prompt> |