Skip to content

Instantly share code, notes, and snippets.

/74819.diff Secret
Created Jul 2, 2017

Embed
What would you like to do?
Patch for 74819
commit 0d25fae279caf240340fb6805a9c54c20154db95
Author: Stanislav Malyshev <stas@php.net>
Date: Sun Jul 2 15:00:17 2017 -0700
Fix bug #74819: wddx_deserialize() heap out-of-bound read via php_parse_date()
diff --git a/ext/date/lib/parse_date.c b/ext/date/lib/parse_date.c
index 1151c8d..da81d94 100644
--- a/ext/date/lib/parse_date.c
+++ b/ext/date/lib/parse_date.c
@@ -1,4 +1,4 @@
-/* Generated by re2c 0.15.3 on Fri Sep 30 20:18:29 2016 */
+/* Generated by re2c 0.15.3 on Sun Jul 2 14:49:45 2017 */
#line 1 "ext/date/lib/parse_date.re"
/*
* The MIT License (MIT)
@@ -384,6 +384,9 @@ static timelib_sll timelib_meridian(char **ptr, timelib_sll h)
{
timelib_sll retval = 0;
+ if (**ptr == '\0') {
+ return 0;
+ }
while (!strchr("AaPp", **ptr)) {
++*ptr;
}
@@ -824,11 +827,11 @@ static int scan(Scanner *s, timelib_tz_get_wrapper tz_get_wrapper)
std:
s->tok = cursor;
s->len = 0;
-#line 950 "ext/date/lib/parse_date.re"
+#line 953 "ext/date/lib/parse_date.re"
-#line 832 "<stdout>"
+#line 835 "<stdout>"
{
YYCTYPE yych;
unsigned int yyaccept = 0;
@@ -963,7 +966,7 @@ yy2:
}
}
yy3:
-#line 1630 "ext/date/lib/parse_date.re"
+#line 1633 "ext/date/lib/parse_date.re"
{
int tz_not_found;
DEBUG_OUTPUT("tzcorrection | tz");
@@ -976,7 +979,7 @@ yy3:
TIMELIB_DEINIT;
return TIMELIB_TIMEZONE;
}
-#line 980 "<stdout>"
+#line 983 "<stdout>"
yy4:
yych = *++YYCURSOR;
if (yych <= 'E') {
@@ -1276,12 +1279,12 @@ yy11:
if (yych <= '/') goto yy12;
if (yych <= '9') goto yy1385;
yy12:
-#line 1725 "ext/date/lib/parse_date.re"
+#line 1728 "ext/date/lib/parse_date.re"
{
add_error(s, "Unexpected character");
goto std;
}
-#line 1285 "<stdout>"
+#line 1288 "<stdout>"
yy13:
yych = *++YYCURSOR;
if (yych <= 'R') {
@@ -2295,22 +2298,22 @@ yy48:
if (yych <= '/') goto yy49;
if (yych <= '9') goto yy54;
yy49:
-#line 1714 "ext/date/lib/parse_date.re"
+#line 1717 "ext/date/lib/parse_date.re"
{
goto std;
}
-#line 2303 "<stdout>"
+#line 2306 "<stdout>"
yy50:
yych = *++YYCURSOR;
goto yy49;
yy51:
++YYCURSOR;
-#line 1719 "ext/date/lib/parse_date.re"
+#line 1722 "ext/date/lib/parse_date.re"
{
s->pos = cursor; s->line++;
goto std;
}
-#line 2314 "<stdout>"
+#line 2317 "<stdout>"
yy53:
yych = *++YYCURSOR;
goto yy12;
@@ -2677,7 +2680,7 @@ yy71:
if (yych == 'S') goto yy73;
if (yych == 's') goto yy73;
yy72:
-#line 1698 "ext/date/lib/parse_date.re"
+#line 1701 "ext/date/lib/parse_date.re"
{
timelib_ull i;
DEBUG_OUTPUT("relative");
@@ -2692,7 +2695,7 @@ yy72:
TIMELIB_DEINIT;
return TIMELIB_RELATIVE;
}
-#line 2696 "<stdout>"
+#line 2699 "<stdout>"
yy73:
yych = *++YYCURSOR;
if (yych == 'D') goto yy74;
@@ -3360,7 +3363,7 @@ yy165:
}
}
yy166:
-#line 1561 "ext/date/lib/parse_date.re"
+#line 1564 "ext/date/lib/parse_date.re"
{
const timelib_relunit* relunit;
DEBUG_OUTPUT("daytext");
@@ -3377,7 +3380,7 @@ yy166:
TIMELIB_DEINIT;
return TIMELIB_WEEKDAY;
}
-#line 3381 "<stdout>"
+#line 3384 "<stdout>"
yy167:
yych = *++YYCURSOR;
if (yych <= 'K') {
@@ -3870,7 +3873,7 @@ yy192:
}
}
yy193:
-#line 1620 "ext/date/lib/parse_date.re"
+#line 1623 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("monthtext");
TIMELIB_INIT;
@@ -3879,7 +3882,7 @@ yy193:
TIMELIB_DEINIT;
return TIMELIB_DATE_TEXT;
}
-#line 3883 "<stdout>"
+#line 3886 "<stdout>"
yy194:
++YYCURSOR;
if ((YYLIMIT - YYCURSOR) < 21) YYFILL(21);
@@ -3925,7 +3928,7 @@ yy197:
}
}
yy198:
-#line 1366 "ext/date/lib/parse_date.re"
+#line 1369 "ext/date/lib/parse_date.re"
{
int length = 0;
DEBUG_OUTPUT("datetextual | datenoyear");
@@ -3938,7 +3941,7 @@ yy198:
TIMELIB_DEINIT;
return TIMELIB_DATE_TEXT;
}
-#line 3942 "<stdout>"
+#line 3945 "<stdout>"
yy199:
yyaccept = 6;
yych = *(YYMARKER = ++YYCURSOR);
@@ -4183,7 +4186,7 @@ yy221:
if (yych <= ':') goto yy224;
}
yy222:
-#line 1668 "ext/date/lib/parse_date.re"
+#line 1671 "ext/date/lib/parse_date.re"
{
int tz_not_found;
DEBUG_OUTPUT("dateshortwithtimeshort | dateshortwithtimelong | dateshortwithtimelongtz");
@@ -4212,7 +4215,7 @@ yy222:
TIMELIB_DEINIT;
return TIMELIB_SHORTDATE_WITH_TIME;
}
-#line 4216 "<stdout>"
+#line 4219 "<stdout>"
yy223:
yyaccept = 7;
yych = *(YYMARKER = ++YYCURSOR);
@@ -4854,7 +4857,7 @@ yy276:
}
yy277:
++YYCURSOR;
-#line 1644 "ext/date/lib/parse_date.re"
+#line 1647 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("dateshortwithtimeshort12 | dateshortwithtimelong12");
TIMELIB_INIT;
@@ -4877,7 +4880,7 @@ yy277:
TIMELIB_DEINIT;
return TIMELIB_SHORTDATE_WITH_TIME;
}
-#line 4881 "<stdout>"
+#line 4884 "<stdout>"
yy279:
yych = *++YYCURSOR;
if (yych <= 0x1F) {
@@ -5039,7 +5042,7 @@ yy292:
yy293:
++YYCURSOR;
yy294:
-#line 1338 "ext/date/lib/parse_date.re"
+#line 1341 "ext/date/lib/parse_date.re"
{
int length = 0;
DEBUG_OUTPUT("datenoday");
@@ -5052,7 +5055,7 @@ yy294:
TIMELIB_DEINIT;
return TIMELIB_DATE_NO_DAY;
}
-#line 5056 "<stdout>"
+#line 5059 "<stdout>"
yy295:
yych = *++YYCURSOR;
if (yych <= '/') {
@@ -6203,7 +6206,7 @@ yy361:
if ((yych = *YYCURSOR) <= '/') goto yy363;
if (yych <= '9') goto yy364;
yy363:
-#line 1482 "ext/date/lib/parse_date.re"
+#line 1485 "ext/date/lib/parse_date.re"
{
int length = 0;
DEBUG_OUTPUT("pgtextshort");
@@ -6216,7 +6219,7 @@ yy363:
TIMELIB_DEINIT;
return TIMELIB_PG_TEXT;
}
-#line 6220 "<stdout>"
+#line 6223 "<stdout>"
yy364:
yych = *++YYCURSOR;
if (yych <= '/') goto yy363;
@@ -6825,7 +6828,7 @@ yy391:
if (yych <= 'z') goto yy142;
}
yy392:
-#line 1540 "ext/date/lib/parse_date.re"
+#line 1543 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("ago");
TIMELIB_INIT;
@@ -6845,7 +6848,7 @@ yy392:
TIMELIB_DEINIT;
return TIMELIB_AGO;
}
-#line 6849 "<stdout>"
+#line 6852 "<stdout>"
yy393:
yyaccept = 5;
yych = *(YYMARKER = ++YYCURSOR);
@@ -8533,7 +8536,7 @@ yy452:
yy453:
++YYCURSOR;
yy454:
-#line 1243 "ext/date/lib/parse_date.re"
+#line 1246 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("iso8601date4 | iso8601date2 | iso8601dateslash | dateslash");
TIMELIB_INIT;
@@ -8544,7 +8547,7 @@ yy454:
TIMELIB_DEINIT;
return TIMELIB_ISO_DATE;
}
-#line 8548 "<stdout>"
+#line 8551 "<stdout>"
yy455:
yyaccept = 0;
yych = *(YYMARKER = ++YYCURSOR);
@@ -9080,7 +9083,7 @@ yy474:
}
}
yy475:
-#line 1380 "ext/date/lib/parse_date.re"
+#line 1383 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("datenoyearrev");
TIMELIB_INIT;
@@ -9091,7 +9094,7 @@ yy475:
TIMELIB_DEINIT;
return TIMELIB_DATE_TEXT;
}
-#line 9095 "<stdout>"
+#line 9098 "<stdout>"
yy476:
yyaccept = 10;
yych = *(YYMARKER = ++YYCURSOR);
@@ -9219,7 +9222,7 @@ yy485:
}
yy487:
++YYCURSOR;
-#line 1098 "ext/date/lib/parse_date.re"
+#line 1101 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("timetiny12 | timeshort12 | timelong12");
TIMELIB_INIT;
@@ -9235,7 +9238,7 @@ yy487:
TIMELIB_DEINIT;
return TIMELIB_TIME12;
}
-#line 9239 "<stdout>"
+#line 9242 "<stdout>"
yy489:
yyaccept = 11;
yych = *(YYMARKER = ++YYCURSOR);
@@ -9246,7 +9249,7 @@ yy489:
if (yych <= ':') goto yy492;
}
yy490:
-#line 1135 "ext/date/lib/parse_date.re"
+#line 1138 "ext/date/lib/parse_date.re"
{
int tz_not_found;
DEBUG_OUTPUT("timeshort24 | timelong24 | iso8601long");
@@ -9271,7 +9274,7 @@ yy490:
TIMELIB_DEINIT;
return TIMELIB_TIME24_WITH_ZONE;
}
-#line 9275 "<stdout>"
+#line 9278 "<stdout>"
yy491:
yyaccept = 11;
yych = *(YYMARKER = ++YYCURSOR);
@@ -9548,7 +9551,7 @@ yy520:
}
yy522:
++YYCURSOR;
-#line 1115 "ext/date/lib/parse_date.re"
+#line 1118 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("mssqltime");
TIMELIB_INIT;
@@ -9567,7 +9570,7 @@ yy522:
TIMELIB_DEINIT;
return TIMELIB_TIME24_WITH_ZONE;
}
-#line 9571 "<stdout>"
+#line 9574 "<stdout>"
yy524:
yyaccept = 11;
YYMARKER = ++YYCURSOR;
@@ -9662,7 +9665,7 @@ yy533:
if ((yych = *YYCURSOR) <= '/') goto yy534;
if (yych <= '9') goto yy540;
yy534:
-#line 1297 "ext/date/lib/parse_date.re"
+#line 1300 "ext/date/lib/parse_date.re"
{
int length = 0;
DEBUG_OUTPUT("datefull");
@@ -9676,7 +9679,7 @@ yy534:
TIMELIB_DEINIT;
return TIMELIB_DATE_FULL;
}
-#line 9680 "<stdout>"
+#line 9683 "<stdout>"
yy535:
yych = *++YYCURSOR;
if (yych == 'M') goto yy536;
@@ -10340,7 +10343,7 @@ yy604:
if (yych <= '/') goto yy56;
if (yych >= ':') goto yy56;
++YYCURSOR;
-#line 1312 "ext/date/lib/parse_date.re"
+#line 1315 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("pointed date YYYY");
TIMELIB_INIT;
@@ -10351,7 +10354,7 @@ yy604:
TIMELIB_DEINIT;
return TIMELIB_DATE_FULL_POINTED;
}
-#line 10355 "<stdout>"
+#line 10358 "<stdout>"
yy607:
yyaccept = 11;
yych = *(YYMARKER = ++YYCURSOR);
@@ -10382,7 +10385,7 @@ yy610:
if (yych <= '/') goto yy611;
if (yych <= '9') goto yy604;
yy611:
-#line 1324 "ext/date/lib/parse_date.re"
+#line 1327 "ext/date/lib/parse_date.re"
{
int length = 0;
DEBUG_OUTPUT("pointed date YY");
@@ -10395,7 +10398,7 @@ yy611:
TIMELIB_DEINIT;
return TIMELIB_DATE_FULL_POINTED;
}
-#line 10399 "<stdout>"
+#line 10402 "<stdout>"
yy612:
yyaccept = 11;
yych = *(YYMARKER = ++YYCURSOR);
@@ -10991,7 +10994,7 @@ yy655:
}
}
yy656:
-#line 1283 "ext/date/lib/parse_date.re"
+#line 1286 "ext/date/lib/parse_date.re"
{
int length = 0;
DEBUG_OUTPUT("gnudateshort");
@@ -11004,7 +11007,7 @@ yy656:
TIMELIB_DEINIT;
return TIMELIB_ISO_DATE;
}
-#line 11008 "<stdout>"
+#line 11011 "<stdout>"
yy657:
yyaccept = 13;
yych = *(YYMARKER = ++YYCURSOR);
@@ -11100,7 +11103,7 @@ yy665:
}
}
yy666:
-#line 1227 "ext/date/lib/parse_date.re"
+#line 1230 "ext/date/lib/parse_date.re"
{
int length = 0;
DEBUG_OUTPUT("americanshort | american");
@@ -11115,7 +11118,7 @@ yy666:
TIMELIB_DEINIT;
return TIMELIB_AMERICAN;
}
-#line 11119 "<stdout>"
+#line 11122 "<stdout>"
yy667:
yyaccept = 14;
yych = *(YYMARKER = ++YYCURSOR);
@@ -11314,7 +11317,7 @@ yy699:
if (yych <= '9') goto yy702;
if (yych <= ':') goto yy703;
yy700:
-#line 1510 "ext/date/lib/parse_date.re"
+#line 1513 "ext/date/lib/parse_date.re"
{
int tz_not_found;
DEBUG_OUTPUT("clf");
@@ -11334,7 +11337,7 @@ yy700:
TIMELIB_DEINIT;
return TIMELIB_CLF;
}
-#line 11338 "<stdout>"
+#line 11341 "<stdout>"
yy701:
yych = *++YYCURSOR;
if (yych <= '5') {
@@ -11821,7 +11824,7 @@ yy762:
if (yych <= 't') goto yy662;
}
yy763:
-#line 1255 "ext/date/lib/parse_date.re"
+#line 1258 "ext/date/lib/parse_date.re"
{
int length = 0;
DEBUG_OUTPUT("iso8601date2");
@@ -11834,7 +11837,7 @@ yy763:
TIMELIB_DEINIT;
return TIMELIB_ISO_DATE;
}
-#line 11838 "<stdout>"
+#line 11841 "<stdout>"
yy764:
yych = *++YYCURSOR;
if (yych == 'C') goto yy765;
@@ -11865,7 +11868,7 @@ yy769:
if (yych >= '2') goto yy56;
yy770:
++YYCURSOR;
-#line 1496 "ext/date/lib/parse_date.re"
+#line 1499 "ext/date/lib/parse_date.re"
{
int length = 0;
DEBUG_OUTPUT("pgtextreverse");
@@ -11878,7 +11881,7 @@ yy770:
TIMELIB_DEINIT;
return TIMELIB_PG_TEXT;
}
-#line 11882 "<stdout>"
+#line 11885 "<stdout>"
yy772:
yych = *++YYCURSOR;
if (yych == 'V') goto yy765;
@@ -12003,7 +12006,7 @@ yy782:
default: goto yy783;
}
yy783:
-#line 1531 "ext/date/lib/parse_date.re"
+#line 1534 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("year4");
TIMELIB_INIT;
@@ -12011,7 +12014,7 @@ yy783:
TIMELIB_DEINIT;
return TIMELIB_CLF;
}
-#line 12015 "<stdout>"
+#line 12018 "<stdout>"
yy784:
yych = *++YYCURSOR;
switch (yych) {
@@ -12149,7 +12152,7 @@ yy792:
if (yych <= 'X') goto yy883;
}
yy793:
-#line 1352 "ext/date/lib/parse_date.re"
+#line 1355 "ext/date/lib/parse_date.re"
{
int length = 0;
DEBUG_OUTPUT("datenodayrev");
@@ -12162,7 +12165,7 @@ yy793:
TIMELIB_DEINIT;
return TIMELIB_DATE_NO_DAY;
}
-#line 12166 "<stdout>"
+#line 12169 "<stdout>"
yy794:
yych = *++YYCURSOR;
if (yych == 'I') goto yy927;
@@ -12356,7 +12359,7 @@ yy813:
if (yych <= '/') goto yy814;
if (yych <= '7') goto yy816;
yy814:
-#line 1463 "ext/date/lib/parse_date.re"
+#line 1466 "ext/date/lib/parse_date.re"
{
timelib_sll w, d;
DEBUG_OUTPUT("isoweek");
@@ -12374,14 +12377,14 @@ yy814:
TIMELIB_DEINIT;
return TIMELIB_ISO_WEEK;
}
-#line 12378 "<stdout>"
+#line 12381 "<stdout>"
yy815:
yych = *++YYCURSOR;
if (yych <= '/') goto yy56;
if (yych >= '8') goto yy56;
yy816:
++YYCURSOR;
-#line 1444 "ext/date/lib/parse_date.re"
+#line 1447 "ext/date/lib/parse_date.re"
{
timelib_sll w, d;
DEBUG_OUTPUT("isoweekday");
@@ -12399,7 +12402,7 @@ yy816:
TIMELIB_DEINIT;
return TIMELIB_ISO_WEEK;
}
-#line 12403 "<stdout>"
+#line 12406 "<stdout>"
yy818:
yych = *++YYCURSOR;
if (yych <= '/') goto yy60;
@@ -12459,7 +12462,7 @@ yy820:
}
}
yy821:
-#line 1430 "ext/date/lib/parse_date.re"
+#line 1433 "ext/date/lib/parse_date.re"
{
int length = 0;
DEBUG_OUTPUT("pgydotd");
@@ -12472,7 +12475,7 @@ yy821:
TIMELIB_DEINIT;
return TIMELIB_PG_YEARDAY;
}
-#line 12476 "<stdout>"
+#line 12479 "<stdout>"
yy822:
yych = *++YYCURSOR;
if (yych <= '/') goto yy60;
@@ -12554,7 +12557,7 @@ yy840:
yy841:
++YYCURSOR;
yy842:
-#line 1404 "ext/date/lib/parse_date.re"
+#line 1407 "ext/date/lib/parse_date.re"
{
int tz_not_found;
DEBUG_OUTPUT("xmlrpc | xmlrpcnocolon | soap | wddx | exif");
@@ -12579,7 +12582,7 @@ yy842:
TIMELIB_DEINIT;
return TIMELIB_XMLRPC_SOAP;
}
-#line 12583 "<stdout>"
+#line 12586 "<stdout>"
yy843:
yych = *++YYCURSOR;
if (yych <= '2') {
@@ -12835,7 +12838,7 @@ yy847:
}
}
yy848:
-#line 1392 "ext/date/lib/parse_date.re"
+#line 1395 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("datenocolon");
TIMELIB_INIT;
@@ -12846,7 +12849,7 @@ yy848:
TIMELIB_DEINIT;
return TIMELIB_DATE_NOCOLON;
}
-#line 12850 "<stdout>"
+#line 12853 "<stdout>"
yy849:
yych = *++YYCURSOR;
if (yych <= 'H') {
@@ -13640,7 +13643,7 @@ yy972:
if (yych <= '/') goto yy973;
if (yych <= '9') goto yy995;
yy973:
-#line 1269 "ext/date/lib/parse_date.re"
+#line 1272 "ext/date/lib/parse_date.re"
{
int length = 0;
DEBUG_OUTPUT("gnudateshorter");
@@ -13653,7 +13656,7 @@ yy973:
TIMELIB_DEINIT;
return TIMELIB_ISO_DATE;
}
-#line 13657 "<stdout>"
+#line 13660 "<stdout>"
yy974:
yyaccept = 22;
yych = *(YYMARKER = ++YYCURSOR);
@@ -14565,7 +14568,7 @@ yy1065:
default: goto yy1067;
}
yy1067:
-#line 1161 "ext/date/lib/parse_date.re"
+#line 1164 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("gnunocolon");
TIMELIB_INIT;
@@ -14587,7 +14590,7 @@ yy1067:
TIMELIB_DEINIT;
return TIMELIB_GNU_NOCOLON;
}
-#line 14591 "<stdout>"
+#line 14594 "<stdout>"
yy1068:
yych = *++YYCURSOR;
if (yych <= '/') goto yy60;
@@ -14671,7 +14674,7 @@ yy1074:
}
}
yy1075:
-#line 1207 "ext/date/lib/parse_date.re"
+#line 1210 "ext/date/lib/parse_date.re"
{
int tz_not_found;
DEBUG_OUTPUT("iso8601nocolon");
@@ -14690,7 +14693,7 @@ yy1075:
TIMELIB_DEINIT;
return TIMELIB_ISO_NOCOLON;
}
-#line 14694 "<stdout>"
+#line 14697 "<stdout>"
yy1076:
yyaccept = 25;
yych = *(YYMARKER = ++YYCURSOR);
@@ -15546,7 +15549,7 @@ yy1116:
}
}
yy1117:
-#line 1603 "ext/date/lib/parse_date.re"
+#line 1606 "ext/date/lib/parse_date.re"
{
timelib_sll i;
int behavior = 0;
@@ -15562,7 +15565,7 @@ yy1117:
TIMELIB_DEINIT;
return TIMELIB_RELATIVE;
}
-#line 15566 "<stdout>"
+#line 15569 "<stdout>"
yy1118:
++YYCURSOR;
if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2);
@@ -15604,7 +15607,7 @@ yy1124:
if (yych != 'f') goto yy56;
yy1125:
++YYCURSOR;
-#line 1076 "ext/date/lib/parse_date.re"
+#line 1079 "ext/date/lib/parse_date.re"
{
timelib_sll i;
int behavior = 0;
@@ -15625,7 +15628,7 @@ yy1125:
TIMELIB_DEINIT;
return TIMELIB_WEEK_DAY_OF_MONTH;
}
-#line 15629 "<stdout>"
+#line 15632 "<stdout>"
yy1127:
yyaccept = 26;
yych = *(YYMARKER = ++YYCURSOR);
@@ -15718,7 +15721,7 @@ yy1140:
}
}
yy1141:
-#line 1579 "ext/date/lib/parse_date.re"
+#line 1582 "ext/date/lib/parse_date.re"
{
timelib_sll i;
int behavior = 0;
@@ -15741,7 +15744,7 @@ yy1141:
TIMELIB_DEINIT;
return TIMELIB_RELATIVE;
}
-#line 15745 "<stdout>"
+#line 15748 "<stdout>"
yy1142:
yych = *++YYCURSOR;
goto yy1117;
@@ -18265,7 +18268,7 @@ yy1293:
if (yych <= '9') goto yy1296;
goto yy1297;
yy1294:
-#line 1053 "ext/date/lib/parse_date.re"
+#line 1056 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("backof | frontof");
TIMELIB_INIT;
@@ -18287,7 +18290,7 @@ yy1294:
TIMELIB_DEINIT;
return TIMELIB_LF_DAY_OF_MONTH;
}
-#line 18291 "<stdout>"
+#line 18294 "<stdout>"
yy1295:
yyaccept = 28;
yych = *(YYMARKER = ++YYCURSOR);
@@ -18526,7 +18529,7 @@ yy1314:
if (yych != 'f') goto yy56;
yy1315:
++YYCURSOR;
-#line 1036 "ext/date/lib/parse_date.re"
+#line 1039 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("firstdayof | lastdayof");
TIMELIB_INIT;
@@ -18542,7 +18545,7 @@ yy1315:
TIMELIB_DEINIT;
return TIMELIB_LF_DAY_OF_MONTH;
}
-#line 18546 "<stdout>"
+#line 18549 "<stdout>"
yy1317:
yyaccept = 0;
yych = *(YYMARKER = ++YYCURSOR);
@@ -19902,7 +19905,7 @@ yy1385:
if (yych <= '/') goto yy1387;
if (yych <= '9') goto yy1385;
yy1387:
-#line 1010 "ext/date/lib/parse_date.re"
+#line 1013 "ext/date/lib/parse_date.re"
{
timelib_ull i;
@@ -19927,7 +19930,7 @@ yy1387:
TIMELIB_DEINIT;
return TIMELIB_RELATIVE;
}
-#line 19931 "<stdout>"
+#line 19934 "<stdout>"
yy1388:
yych = *++YYCURSOR;
if (yych <= 'N') {
@@ -20333,7 +20336,7 @@ yy1415:
yy1416:
++YYCURSOR;
yy1417:
-#line 998 "ext/date/lib/parse_date.re"
+#line 1001 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("tomorrow");
TIMELIB_INIT;
@@ -20344,7 +20347,7 @@ yy1417:
TIMELIB_DEINIT;
return TIMELIB_RELATIVE;
}
-#line 20348 "<stdout>"
+#line 20351 "<stdout>"
yy1418:
yych = *++YYCURSOR;
if (yych <= 'Y') {
@@ -20376,7 +20379,7 @@ yy1419:
if (yych <= 'z') goto yy144;
}
yy1420:
-#line 988 "ext/date/lib/parse_date.re"
+#line 991 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("midnight | today");
TIMELIB_INIT;
@@ -20385,7 +20388,7 @@ yy1420:
TIMELIB_DEINIT;
return TIMELIB_RELATIVE;
}
-#line 20389 "<stdout>"
+#line 20392 "<stdout>"
yy1421:
yych = *++YYCURSOR;
if (yych <= 'S') {
@@ -22317,7 +22320,7 @@ yy1499:
if (yych <= 'z') goto yy142;
}
yy1500:
-#line 967 "ext/date/lib/parse_date.re"
+#line 970 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("now");
TIMELIB_INIT;
@@ -22325,7 +22328,7 @@ yy1500:
TIMELIB_DEINIT;
return TIMELIB_RELATIVE;
}
-#line 22329 "<stdout>"
+#line 22332 "<stdout>"
yy1501:
yych = *++YYCURSOR;
if (yych <= 'N') {
@@ -22456,7 +22459,7 @@ yy1507:
if (yych <= 'z') goto yy143;
}
yy1508:
-#line 976 "ext/date/lib/parse_date.re"
+#line 979 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("noon");
TIMELIB_INIT;
@@ -22467,7 +22470,7 @@ yy1508:
TIMELIB_DEINIT;
return TIMELIB_RELATIVE;
}
-#line 22471 "<stdout>"
+#line 22474 "<stdout>"
yy1509:
yyaccept = 0;
yych = *(YYMARKER = ++YYCURSOR);
@@ -22977,7 +22980,7 @@ yy1529:
yy1530:
++YYCURSOR;
yy1531:
-#line 955 "ext/date/lib/parse_date.re"
+#line 958 "ext/date/lib/parse_date.re"
{
DEBUG_OUTPUT("yesterday");
TIMELIB_INIT;
@@ -22988,7 +22991,7 @@ yy1531:
TIMELIB_DEINIT;
return TIMELIB_RELATIVE;
}
-#line 22992 "<stdout>"
+#line 22995 "<stdout>"
yy1532:
yyaccept = 0;
yych = *(YYMARKER = ++YYCURSOR);
@@ -23153,7 +23156,7 @@ yy1537:
goto yy1531;
}
}
-#line 1729 "ext/date/lib/parse_date.re"
+#line 1732 "ext/date/lib/parse_date.re"
}
diff --git a/ext/date/lib/parse_date.re b/ext/date/lib/parse_date.re
index 79dabe4..1bb1cd7 100644
--- a/ext/date/lib/parse_date.re
+++ b/ext/date/lib/parse_date.re
@@ -382,6 +382,9 @@ static timelib_sll timelib_meridian(char **ptr, timelib_sll h)
{
timelib_sll retval = 0;
+ if (**ptr == '\0') {
+ return 0;
+ }
while (!strchr("AaPp", **ptr)) {
++*ptr;
}
@msmeissn

This comment has been minimized.

Copy link

commented Jul 10, 2017

This could use some more checks from timelib_meridian_with_check ... like currently it needs aApP to appear and will happily run over the end of the string looking for it.

@msmeissn

This comment has been minimized.

Copy link

commented Jul 15, 2017

I think my comment is no longer valid...

The PHP team has committed this as fix for the issue: php/php-src@e8b7698

@apoleon

This comment has been minimized.

Copy link

commented Jul 17, 2017

@msmeissn

Then php/php-src@e8b7698 is the fix for CVE-2017-11146? Correct?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.