-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | sapi/phpdbg/phpdbg_lexer.l | 6 | ||||
-rw-r--r-- | sapi/phpdbg/phpdbg_parser.y | 8 | ||||
-rw-r--r-- | sapi/phpdbg/tests/bug76813.phpt | 10 |
4 files changed, 24 insertions, 3 deletions
@@ -24,6 +24,9 @@ PHP NEWS . Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support). (Nikita) +- Phpdbg: + . Fixed bug #76813 (Access violation near NULL on source operand). (cmb) + - Standard: . Fixed bug #80366 (Return Value of zend_fstat() not Checked). (sagpant, cmb) . Fixed bug #80411 (References to null-serialized object break serialize()). diff --git a/sapi/phpdbg/phpdbg_lexer.l b/sapi/phpdbg/phpdbg_lexer.l index 422cda4f2c..e57702ba0b 100644 --- a/sapi/phpdbg/phpdbg_lexer.l +++ b/sapi/phpdbg/phpdbg_lexer.l @@ -33,7 +33,7 @@ void phpdbg_init_lexer (phpdbg_param_t *stack, char *input) { YYSETCONDITION(INITIAL); - LEX(text) = YYCURSOR = (unsigned char *) input; + LEX(text) = YYCURSOR = YYMARKER = (unsigned char *) input; LEX(len) = strlen(input); } @@ -165,6 +165,10 @@ INPUT ("\\"[#"']|["]("\\\\"|"\\"["]|[^\n\000"])+["]|[']("\\"[']|"\\\\"|[^\ return T_ID; } +<NORMAL>* { + return T_UNEXPECTED; +} + <RAW>{INPUT} { phpdbg_init_param(yylval, STR_PARAM); yylval->str = estrdup(yytext); diff --git a/sapi/phpdbg/phpdbg_parser.y b/sapi/phpdbg/phpdbg_parser.y index 3031ce5a80..4c4a339c0a 100644 --- a/sapi/phpdbg/phpdbg_parser.y +++ b/sapi/phpdbg/phpdbg_parser.y @@ -63,11 +63,15 @@ typedef void* yyscan_t; %% /* Rules */ input - : command { $$ = $1; } - | input T_SEPARATOR command { phpdbg_stack_separate($1.top); $$ = $3; } + : non_empty_input { $$ = $1; } | /* empty */ ; +non_empty_input + : command { $$ = $1; } + | non_empty_input T_SEPARATOR command { phpdbg_stack_separate($1.top); $$ = $3; } + ; + command : parameters { $$.top = PHPDBG_G(parser_stack)->top; } | full_expression { phpdbg_stack_push(PHPDBG_G(parser_stack), &$1); $$.top = PHPDBG_G(parser_stack)->top; } diff --git a/sapi/phpdbg/tests/bug76813.phpt b/sapi/phpdbg/tests/bug76813.phpt new file mode 100644 index 0000000000..61e5e3fea6 --- /dev/null +++ b/sapi/phpdbg/tests/bug76813.phpt 
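Review bot: The new `YYMARKER` assignment in phpdbg_init_lexer (sapi/phpdbg/phpdbg_lexer.l, hunk at -33,7) has no comment, so a later cleanup could drop it as redundant. re2c-generated scanners restore YYCURSOR from YYMARKER when they backtrack, so a marker that does not point into the current input sends the scanner reading from wherever it last pointed. That is presumably the NULL-adjacent access of bug #76813, though the hunk alone does not prove it. I would add `/* seed YYMARKER too: re2c backtracks to it, so it must point into this input (bug #76813) */` above the assignment. The same function passes `input` straight to strlen(), and whether a caller can hand in NULL is not visible here.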
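Review bot: The catch-all `<NORMAL>* { return T_UNEXPECTED; }` added in the second phpdbg_lexer.l hunk (at -165,6) covers only the NORMAL condition, while the same hunk shows a RAW condition and phpdbg_init_lexer starts the scanner in INITIAL. If those conditions have no default rule of their own, bytes that match none of their patterns still leave the generated scanner with undefined control flow. The rest of the rule set is outside the hunk, so this needs checking rather than assuming. Running re2c with `-Wundefined-control-flow` would report any condition that lacks a `*` rule. A short comment on the new rule, e.g. `/* default rule: reject bytes that no NORMAL pattern matches */`, would also record why it exists.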
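Review bot: The split of `input` into `input` and `non_empty_input` in phpdbg_parser.y is not explained in the grammar, and the reason is easy to undo by accident. Under the old rule `input T_SEPARATOR command`, `input` could reduce from the empty alternative, which has no action, so the `$1.top` passed to phpdbg_stack_separate() was presumably unset. A comment above `non_empty_input` such as `/* a separator needs a command on its left: the empty alternative sets no $$, so $1.top would be unset */` would keep a later simplification from folding the rules back together. The empty alternative of `input` still assigns nothing to `$$`. What consumes the value of `input` lies outside this hunk, so it is worth confirming that nothing reads `top` from it.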
@@ -0,0 +1,10 @@
+--TEST--
+Bug #76813 (Access_violation_near_NULL_on_source_operand)
+--PHPDBG--
+"#!==)===\377\377\276\242="
+#!==)===\377\377\276\242=
+--EXPECT--
+prompt> [Parse Error: syntax error, unexpected input, expecting $end]
+prompt> [Parse Error: syntax error, unexpected # (pound sign), expecting $end]
+prompt> [Parse Error: syntax error, unexpected # (pound sign), expecting $end]
+prompt> |