diff options
| author | Stanislav Malyshev <stas@php.net> | 2014-05-13 16:52:17 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2014-05-13 16:52:45 -0700 |
| commit | dc92e81922405646f4e7f124d96643243088e0a6 (patch) | |
| tree | e8558709fa60c0ebbacdfc8e5c429a8243a6d8f8 | |
| parent | 0094fd096905d2d3e53b12c76cfc27976dc2db03 (diff) | |
| parent | 0a80849250162d89b674f7e65144e463e107b8cd (diff) | |
| download | php-git-dc92e81922405646f4e7f124d96643243088e0a6.tar.gz | |
Merge branch 'bug67251' into PHP-5.4
* bug67251:
Fix bug #67251 - date_parse_from_format out-of-bounds read
Conflicts:
ext/date/lib/parse_date.c
| -rw-r--r-- | ext/date/lib/parse_date.c | 6 | ||||
| -rw-r--r-- | ext/date/lib/parse_date.re | 4 | ||||
| -rw-r--r-- | ext/date/tests/bug67251.phpt | 38 |
3 files changed, 47 insertions, 1 deletions
diff --git a/ext/date/lib/parse_date.c b/ext/date/lib/parse_date.c index 14a6d73c32..d7db06f4fc 100644 --- a/ext/date/lib/parse_date.c +++ b/ext/date/lib/parse_date.c @@ -1,4 +1,4 @@ -/* Generated by re2c 0.13.5 on Tue May 13 16:47:20 2014 */ +/* Generated by re2c 0.13.5 on Tue May 13 16:52:44 2014 */ #line 1 "ext/date/lib/parse_date.re" /* +----------------------------------------------------------------------+ @@ -25127,6 +25127,10 @@ timelib_time *timelib_parse_from_format(char *format, char *string, int len, tim break; case '\\': /* escaped char */ + if(!fptr[1]) { + add_pbf_error(s, "Escaped character expected", string, begin); + break; + } fptr++; if (*ptr == *fptr) { ++ptr; diff --git a/ext/date/lib/parse_date.re b/ext/date/lib/parse_date.re index dad5bb4b25..66efba1589 100644 --- a/ext/date/lib/parse_date.re +++ b/ext/date/lib/parse_date.re @@ -2134,6 +2134,10 @@ timelib_time *timelib_parse_from_format(char *format, char *string, int len, tim break; case '\\': /* escaped char */ + if(!fptr[1]) { + add_pbf_error(s, "Escaped character expected", string, begin); + break; + } fptr++; if (*ptr == *fptr) { ++ptr; diff --git a/ext/date/tests/bug67251.phpt b/ext/date/tests/bug67251.phpt new file mode 100644 index 0000000000..68c56a1613 --- /dev/null +++ b/ext/date/tests/bug67251.phpt @@ -0,0 +1,38 @@ +--TEST-- +Bug #67251 (date_parse_from_format out-of-bounds read) +--INI-- +date.timezone=Europe/Berlin +--FILE-- +<?php +var_dump(date_parse_from_format("\\","AAAABBBB")); +--EXPECT-- +array(12) { + ["year"]=> + bool(false) + ["month"]=> + bool(false) + ["day"]=> + bool(false) + ["hour"]=> + bool(false) + ["minute"]=> + bool(false) + ["second"]=> + bool(false) + ["fraction"]=> + bool(false) + ["warning_count"]=> + int(0) + ["warnings"]=> + array(0) { + } + ["error_count"]=> + int(2) + ["errors"]=> + array(1) { + [0]=> + string(13) "Trailing data" + } + ["is_localtime"]=> + bool(false) +} |