diff options
| author | Stanislav Malyshev <stas@php.net> | 2014-05-11 19:34:21 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2014-06-15 00:33:24 -0700 |
| commit | 3c328f09840c58698cedd6bbd30bdc8a24f5b41f (patch) | |
| tree | 6a75f29a9015e8e18cf05714539d5126889b13a1 | |
| parent | d780c2a673ef25166aaec994f14bfec4f57ab8dd (diff) | |
| download | php-git-3c328f09840c58698cedd6bbd30bdc8a24f5b41f.tar.gz | |
Fix bug #67251 - date_parse_from_format out-of-bounds read
Conflicts:
ext/date/lib/parse_date.c
ext/date/lib/parse_date.re
| -rw-r--r-- | ext/date/lib/parse_date.c | 6 | ||||
| -rw-r--r-- | ext/date/lib/parse_date.re | 6 | ||||
| -rw-r--r-- | ext/date/tests/bug67251.phpt | 38 |
3 files changed, 48 insertions, 2 deletions
diff --git a/ext/date/lib/parse_date.c b/ext/date/lib/parse_date.c index 8583f30a59..a3364ef7f8 100644 --- a/ext/date/lib/parse_date.c +++ b/ext/date/lib/parse_date.c @@ -25121,7 +25121,11 @@ timelib_time *timelib_parse_from_format(char *format, char *string, int len, tim break; case '\\': /* escaped char */ - *fptr++; + if(!fptr[1]) { + add_pbf_error(s, "Escaped character expected", string, begin); + break; + } + fptr++; if (*ptr == *fptr) { ++ptr; } else { diff --git a/ext/date/lib/parse_date.re b/ext/date/lib/parse_date.re index b130fd0e57..1fbd670592 100644 --- a/ext/date/lib/parse_date.re +++ b/ext/date/lib/parse_date.re @@ -2128,7 +2128,11 @@ timelib_time *timelib_parse_from_format(char *format, char *string, int len, tim break; case '\\': /* escaped char */ - *fptr++; + if(!fptr[1]) { + add_pbf_error(s, "Escaped character expected", string, begin); + break; + } + fptr++; if (*ptr == *fptr) { ++ptr; } else { diff --git a/ext/date/tests/bug67251.phpt b/ext/date/tests/bug67251.phpt new file mode 100644 index 0000000000..68c56a1613 --- /dev/null +++ b/ext/date/tests/bug67251.phpt @@ -0,0 +1,38 @@ +--TEST-- +Bug #67251 (date_parse_from_format out-of-bounds read) +--INI-- +date.timezone=Europe/Berlin +--FILE-- +<?php +var_dump(date_parse_from_format("\\","AAAABBBB")); +--EXPECT-- +array(12) { + ["year"]=> + bool(false) + ["month"]=> + bool(false) + ["day"]=> + bool(false) + ["hour"]=> + bool(false) + ["minute"]=> + bool(false) + ["second"]=> + bool(false) + ["fraction"]=> + bool(false) + ["warning_count"]=> + int(0) + ["warnings"]=> + array(0) { + } + ["error_count"]=> + int(2) + ["errors"]=> + array(1) { + [0]=> + string(13) "Trailing data" + } + ["is_localtime"]=> + bool(false) +} |