mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
ac9964502c
We're not relying on re2c's bounds checking mechanism because re2c:yyfill:check = 0; is set. We just return 0 if we read over the end of the input in YYFILL. Note that we used to use the "any character" wildcard in the comment regexes. But that means if we go over the end in the comment regexes, we don't know that and it's just like the 0 bytes are part of the token. Since a 0 byte already is considered as an end-of-file, we can just block those in the regex. For the regexes with newlines, I had to not only include \x00 in the denylist, but also \n and \r because otherwise it would greedily match those and let the single-line comment run over multiple lines.
25 lines
560 B
PHP
25 lines
560 B
PHP
--TEST--
|
|
GH-10634 (Lexing memory corruption)
|
|
--FILE--
|
|
<?php
|
|
function test_input($input) {
|
|
try {
|
|
eval($input);
|
|
} catch(Throwable $e) {
|
|
var_dump($e->getMessage());
|
|
}
|
|
}
|
|
|
|
test_input("y&/*");
|
|
test_input("y&/**");
|
|
test_input("y&#");
|
|
test_input("y&# ");
|
|
test_input("y&//");
|
|
?>
|
|
--EXPECT--
|
|
string(36) "Unterminated comment starting line 1"
|
|
string(36) "Unterminated comment starting line 1"
|
|
string(36) "syntax error, unexpected end of file"
|
|
string(36) "syntax error, unexpected end of file"
|
|
string(36) "syntax error, unexpected end of file"
|