iliaa Tue Jun 5 22:55:27 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/pdo pdo_sql_parser.re pdo_sql_parser.c /php-src NEWS Log: Fixed bug #41596 (Fixed a crash inside pdo_pgsql on some non-well-formed SQL queries). http://cvs.php.net/viewvc.cgi/php-src/ext/pdo/pdo_sql_parser.re?r1=1.28.2.4.2.8&r2=1.28.2.4.2.9&diff_format=u Index: php-src/ext/pdo/pdo_sql_parser.re diff -u php-src/ext/pdo/pdo_sql_parser.re:1.28.2.4.2.8 php-src/ext/pdo/pdo_sql_parser.re:1.28.2.4.2.9 --- php-src/ext/pdo/pdo_sql_parser.re:1.28.2.4.2.8 Tue Mar 6 00:52:55 2007 +++ php-src/ext/pdo/pdo_sql_parser.re Tue Jun 5 22:55:26 2007 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: pdo_sql_parser.re,v 1.28.2.4.2.8 2007/03/06 00:52:55 iliaa Exp $ */ +/* $Id: pdo_sql_parser.re,v 1.28.2.4.2.9 2007/06/05 22:55:26 iliaa Exp $ */ #include "php.h" #include "php_pdo_driver.h" @@ -28,6 +28,7 @@ #define PDO_PARSER_EOI 4 #define RET(i) {s->cur = cursor; return i; } +#define SKIP_ONE(i) {s->cur = s->tok + 1; return 1; } #define YYCTYPE unsigned char #define YYCURSOR cursor @@ -57,9 +58,9 @@ (["] ([^"])* ["]) { RET(PDO_PARSER_TEXT); } (['] ([^'])* [']) { RET(PDO_PARSER_TEXT); } MULTICHAR{2,} { RET(PDO_PARSER_TEXT); } - BINDCHR { RET(PDO_PARSER_BIND); } + BINDCHR { RET(PDO_PARSER_BIND); } QUESTION { RET(PDO_PARSER_BIND_POS); } - SPECIALS { RET(PDO_PARSER_TEXT); } + SPECIALS { SKIP_ONE(PDO_PARSER_TEXT); } (ANYNOEOF\SPECIALS)+ { RET(PDO_PARSER_TEXT); } EOF { RET(PDO_PARSER_EOI); } */ @@ -96,6 +97,10 @@ while((t = scan(&s)) != PDO_PARSER_EOI) { if (t == PDO_PARSER_BIND || t == PDO_PARSER_BIND_POS) { if (t == PDO_PARSER_BIND) { + int len = s.cur - s.tok; + if ((inquery < (s.cur - len)) && isalnum(*(s.cur - len - 1))) { + continue; + } query_type |= PDO_PLACEHOLDER_NAMED; } else { query_type |= PDO_PLACEHOLDER_POSITIONAL; http://cvs.php.net/viewvc.cgi/php-src/ext/pdo/pdo_sql_parser.c?r1=1.35.2.6.2.11&r2=1.35.2.6.2.12&diff_format=u Index: php-src/ext/pdo/pdo_sql_parser.c diff -u php-src/ext/pdo/pdo_sql_parser.c:1.35.2.6.2.11 php-src/ext/pdo/pdo_sql_parser.c:1.35.2.6.2.12 --- php-src/ext/pdo/pdo_sql_parser.c:1.35.2.6.2.11 Tue Mar 6 00:52:55 2007 +++ php-src/ext/pdo/pdo_sql_parser.c Tue Jun 5 22:55:26 2007 @@ -1,4 +1,4 @@ -/* Generated by re2c 0.11.0 on Mon Mar 5 19:42:28 2007 */ +/* Generated by re2c 0.11.0 on Tue Jun 5 18:45:24 2007 */ #line 1 "ext/pdo/pdo_sql_parser.re" /* +----------------------------------------------------------------------+ @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: pdo_sql_parser.c,v 1.35.2.6.2.11 2007/03/06 00:52:55 iliaa Exp $ */ +/* $Id: pdo_sql_parser.c,v 1.35.2.6.2.12 2007/06/05 22:55:26 iliaa Exp $ */ #include "php.h" #include "php_pdo_driver.h" @@ -30,6 +30,7 @@ #define PDO_PARSER_EOI 4 #define RET(i) {s->cur = cursor; return i; } +#define SKIP_ONE(i) {s->cur = s->tok + 1; return 1; } #define YYCTYPE unsigned char #define YYCURSOR cursor @@ -46,7 +47,7 @@ char *cursor = s->cur; s->tok = cursor; - #line 54 "ext/pdo/pdo_sql_parser.re" + #line 55 "ext/pdo/pdo_sql_parser.re" { @@ -85,7 +86,7 @@ 200, 200, 200, 200, 200, 200, 200, 200, }; -#line 89 "ext/pdo/pdo_sql_parser.c" +#line 90 "ext/pdo/pdo_sql_parser.c" { YYCTYPE yych; @@ -103,9 +104,9 @@ yych = *++YYCURSOR; goto yy24; yy3: -#line 62 "ext/pdo/pdo_sql_parser.re" - { RET(PDO_PARSER_TEXT); } -#line 109 "ext/pdo/pdo_sql_parser.c" +#line 63 "ext/pdo/pdo_sql_parser.re" + { SKIP_ONE(PDO_PARSER_TEXT); } +#line 110 "ext/pdo/pdo_sql_parser.c" yy4: yych = *++YYCURSOR; goto yy20; @@ -122,9 +123,9 @@ if(yybm[0+(yych = *YYCURSOR)] & 16) { goto yy13; } -#line 61 "ext/pdo/pdo_sql_parser.re" +#line 62 "ext/pdo/pdo_sql_parser.re" { RET(PDO_PARSER_BIND_POS); } -#line 128 "ext/pdo/pdo_sql_parser.c" +#line 129 "ext/pdo/pdo_sql_parser.c" yy8: ++YYCURSOR; if(YYLIMIT == YYCURSOR) YYFILL(1); @@ -132,14 +133,14 @@ if(yybm[0+yych] & 8) { goto yy8; } -#line 63 "ext/pdo/pdo_sql_parser.re" +#line 64 "ext/pdo/pdo_sql_parser.re" { RET(PDO_PARSER_TEXT); } -#line 138 "ext/pdo/pdo_sql_parser.c" +#line 139 "ext/pdo/pdo_sql_parser.c" yy11: ++YYCURSOR; -#line 64 "ext/pdo/pdo_sql_parser.re" +#line 65 "ext/pdo/pdo_sql_parser.re" { RET(PDO_PARSER_EOI); } -#line 143 "ext/pdo/pdo_sql_parser.c" +#line 144 "ext/pdo/pdo_sql_parser.c" yy13: ++YYCURSOR; if(YYLIMIT == YYCURSOR) YYFILL(1); @@ -147,9 +148,9 @@ if(yybm[0+yych] & 16) { goto yy13; } -#line 59 "ext/pdo/pdo_sql_parser.re" +#line 60 "ext/pdo/pdo_sql_parser.re" { RET(PDO_PARSER_TEXT); } -#line 153 "ext/pdo/pdo_sql_parser.c" +#line 154 "ext/pdo/pdo_sql_parser.c" yy16: ++YYCURSOR; if(YYLIMIT == YYCURSOR) YYFILL(1); @@ -157,9 +158,9 @@ if(yybm[0+yych] & 32) { goto yy16; } -#line 60 "ext/pdo/pdo_sql_parser.re" +#line 61 "ext/pdo/pdo_sql_parser.re" { RET(PDO_PARSER_BIND); } -#line 163 "ext/pdo/pdo_sql_parser.c" +#line 164 "ext/pdo/pdo_sql_parser.c" yy19: ++YYCURSOR; if(YYLIMIT == YYCURSOR) YYFILL(1); @@ -169,9 +170,9 @@ goto yy19; } ++YYCURSOR; -#line 58 "ext/pdo/pdo_sql_parser.re" +#line 59 "ext/pdo/pdo_sql_parser.re" { RET(PDO_PARSER_TEXT); } -#line 175 "ext/pdo/pdo_sql_parser.c" +#line 176 "ext/pdo/pdo_sql_parser.c" yy23: ++YYCURSOR; if(YYLIMIT == YYCURSOR) YYFILL(1); @@ -181,12 +182,12 @@ goto yy23; } ++YYCURSOR; -#line 57 "ext/pdo/pdo_sql_parser.re" +#line 58 "ext/pdo/pdo_sql_parser.re" { RET(PDO_PARSER_TEXT); } -#line 187 "ext/pdo/pdo_sql_parser.c" +#line 188 "ext/pdo/pdo_sql_parser.c" } } -#line 65 "ext/pdo/pdo_sql_parser.re" +#line 66 "ext/pdo/pdo_sql_parser.re" } @@ -221,6 +222,10 @@ while((t = scan(&s)) != PDO_PARSER_EOI) { if (t == PDO_PARSER_BIND || t == PDO_PARSER_BIND_POS) { if (t == PDO_PARSER_BIND) { + int len = s.cur - s.tok; + if ((inquery < (s.cur - len)) && isalnum(*(s.cur - len - 1))) { + continue; + } query_type |= PDO_PLACEHOLDER_NAMED; } else { query_type |= PDO_PLACEHOLDER_POSITIONAL; http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.759&r2=1.2027.2.547.2.760&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.759 php-src/NEWS:1.2027.2.547.2.760 --- php-src/NEWS:1.2027.2.547.2.759 Tue Jun 5 10:03:12 2007 +++ php-src/NEWS Tue Jun 5 22:55:27 2007 @@ -9,6 +9,8 @@ - Fixed crash in ZipArchive::addEmptyDir when a directory already exists (pecl bug #11216) (Pierre) GD_RELEASE_VERSION, GD_EXTRA_VERSION and GD_VERSION_STRING. (Pierre) +- Fixed bug #41596 (Fixed a crash inside pdo_pgsql on some non-well-formed + SQL queries). (Ilia) - Fixed bug #41594 (Statement cache is flushed too frequently). (Tony) - Fixed bug #41582 (SimpleXML crashes when accessing newly created element). (Tony)
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php