iliaa Tue Jun 5 22:56:57 2007 UTC
Modified files:
/php-src/ext/pdo pdo_sql_parser.re pdo_sql_parser.c
Log:
MFB: Fixed bug #41596 (Fixed a crash inside pdo_pgsql on some
non-well-formed SQL queries).
http://cvs.php.net/viewvc.cgi/php-src/ext/pdo/pdo_sql_parser.re?r1=1.39&r2=1.40&diff_format=u
Index: php-src/ext/pdo/pdo_sql_parser.re
diff -u php-src/ext/pdo/pdo_sql_parser.re:1.39
php-src/ext/pdo/pdo_sql_parser.re:1.40
--- php-src/ext/pdo/pdo_sql_parser.re:1.39 Mon May 28 23:43:24 2007
+++ php-src/ext/pdo/pdo_sql_parser.re Tue Jun 5 22:56:57 2007
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: pdo_sql_parser.re,v 1.39 2007/05/28 23:43:24 iliaa Exp $ */
+/* $Id: pdo_sql_parser.re,v 1.40 2007/06/05 22:56:57 iliaa Exp $ */
#include "php.h"
#include "php_pdo_driver.h"
@@ -28,6 +28,7 @@
#define PDO_PARSER_EOI 4
#define RET(i) {s->cur = cursor; return i; }
+#define SKIP_ONE(i) {s->cur = s->tok + 1; return 1; }
#define YYCTYPE unsigned char
#define YYCURSOR cursor
@@ -58,7 +59,7 @@
SPECIALS{2,}
{ RET(PDO_PARSER_TEXT); }
BINDCHR
{ RET(PDO_PARSER_BIND); }
QUESTION
{ RET(PDO_PARSER_BIND_POS); }
- SPECIALS
{ RET(PDO_PARSER_TEXT); }
+ SPECIALS
{ SKIP_ONE(PDO_PARSER_TEXT); }
(ANYNOEOF\SPECIALS)+ {
RET(PDO_PARSER_TEXT); }
EOF
{ RET(PDO_PARSER_EOI); }
*/
@@ -95,6 +96,10 @@
while((t = scan(&s)) != PDO_PARSER_EOI) {
if (t == PDO_PARSER_BIND || t == PDO_PARSER_BIND_POS) {
if (t == PDO_PARSER_BIND) {
+ int len = s.cur - s.tok;
+ if ((inquery < (s.cur - len)) &&
isalnum(*(s.cur - len - 1))) {
+ continue;
+ }
query_type |= PDO_PLACEHOLDER_NAMED;
} else {
query_type |= PDO_PLACEHOLDER_POSITIONAL;
http://cvs.php.net/viewvc.cgi/php-src/ext/pdo/pdo_sql_parser.c?r1=1.53&r2=1.54&diff_format=u
Index: php-src/ext/pdo/pdo_sql_parser.c
diff -u php-src/ext/pdo/pdo_sql_parser.c:1.53
php-src/ext/pdo/pdo_sql_parser.c:1.54
--- php-src/ext/pdo/pdo_sql_parser.c:1.53 Mon May 28 23:43:24 2007
+++ php-src/ext/pdo/pdo_sql_parser.c Tue Jun 5 22:56:57 2007
@@ -1,4 +1,4 @@
-/* Generated by re2c 0.10.4 on Wed Jan 3 22:02:19 2007 */
+/* Generated by re2c 0.11.0 on Tue Jun 5 18:56:17 2007 */
#line 1 "ext/pdo/pdo_sql_parser.re"
/*
+----------------------------------------------------------------------+
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: pdo_sql_parser.c,v 1.53 2007/05/28 23:43:24 iliaa Exp $ */
+/* $Id: pdo_sql_parser.c,v 1.54 2007/06/05 22:56:57 iliaa Exp $ */
#include "php.h"
#include "php_pdo_driver.h"
@@ -30,6 +30,7 @@
#define PDO_PARSER_EOI 4
#define RET(i) {s->cur = cursor; return i; }
+#define SKIP_ONE(i) {s->cur = s->tok + 1; return 1; }
#define YYCTYPE unsigned char
#define YYCURSOR cursor
@@ -46,7 +47,7 @@
char *cursor = s->cur;
s->tok = cursor;
- #line 53 "ext/pdo/pdo_sql_parser.re"
+ #line 54 "ext/pdo/pdo_sql_parser.re"
{
@@ -85,7 +86,7 @@
162, 162, 162, 162, 162, 162, 162, 162,
};
-#line 89 "ext/pdo/pdo_sql_parser.c"
+#line 90 "ext/pdo/pdo_sql_parser.c"
{
YYCTYPE yych;
@@ -107,9 +108,9 @@
if(yych == '"') goto yy26;
goto yy30;
yy3:
-#line 61 "ext/pdo/pdo_sql_parser.re"
- { RET(PDO_PARSER_TEXT); }
-#line 113 "ext/pdo/pdo_sql_parser.c"
+#line 62 "ext/pdo/pdo_sql_parser.re"
+ { SKIP_ONE(PDO_PARSER_TEXT); }
+#line 114 "ext/pdo/pdo_sql_parser.c"
yy4:
yych = *++YYCURSOR;
if(yybm[0+yych] & 16) {
@@ -142,9 +143,9 @@
if(yybm[0+(yych = *YYCURSOR)] & 4) {
goto yy13;
}
-#line 60 "ext/pdo/pdo_sql_parser.re"
+#line 61 "ext/pdo/pdo_sql_parser.re"
{ RET(PDO_PARSER_BIND_POS); }
-#line 148 "ext/pdo/pdo_sql_parser.c"
+#line 149 "ext/pdo/pdo_sql_parser.c"
yy8:
++YYCURSOR;
if(YYLIMIT == YYCURSOR) YYFILL(1);
@@ -152,14 +153,14 @@
if(yybm[0+yych] & 2) {
goto yy8;
}
-#line 62 "ext/pdo/pdo_sql_parser.re"
+#line 63 "ext/pdo/pdo_sql_parser.re"
{ RET(PDO_PARSER_TEXT); }
-#line 158 "ext/pdo/pdo_sql_parser.c"
+#line 159 "ext/pdo/pdo_sql_parser.c"
yy11:
++YYCURSOR;
-#line 63 "ext/pdo/pdo_sql_parser.re"
+#line 64 "ext/pdo/pdo_sql_parser.re"
{ RET(PDO_PARSER_EOI); }
-#line 163 "ext/pdo/pdo_sql_parser.c"
+#line 164 "ext/pdo/pdo_sql_parser.c"
yy13:
++YYCURSOR;
if(YYLIMIT == YYCURSOR) YYFILL(1);
@@ -167,9 +168,9 @@
if(yybm[0+yych] & 4) {
goto yy13;
}
-#line 58 "ext/pdo/pdo_sql_parser.re"
+#line 59 "ext/pdo/pdo_sql_parser.re"
{ RET(PDO_PARSER_TEXT); }
-#line 173 "ext/pdo/pdo_sql_parser.c"
+#line 174 "ext/pdo/pdo_sql_parser.c"
yy16:
++YYCURSOR;
if(YYLIMIT == YYCURSOR) YYFILL(1);
@@ -177,9 +178,9 @@
if(yybm[0+yych] & 8) {
goto yy16;
}
-#line 59 "ext/pdo/pdo_sql_parser.re"
+#line 60 "ext/pdo/pdo_sql_parser.re"
{ RET(PDO_PARSER_BIND); }
-#line 183 "ext/pdo/pdo_sql_parser.c"
+#line 184 "ext/pdo/pdo_sql_parser.c"
yy19:
if((YYLIMIT - YYCURSOR) < 2) YYFILL(2);
yych = *YYCURSOR;
@@ -193,9 +194,9 @@
goto yy13;
}
yy22:
-#line 57 "ext/pdo/pdo_sql_parser.re"
+#line 58 "ext/pdo/pdo_sql_parser.re"
{ RET(PDO_PARSER_TEXT); }
-#line 199 "ext/pdo/pdo_sql_parser.c"
+#line 200 "ext/pdo/pdo_sql_parser.c"
yy23:
++YYCURSOR;
if(YYLIMIT == YYCURSOR) YYFILL(1);
@@ -211,9 +212,9 @@
goto yy13;
}
yy27:
-#line 56 "ext/pdo/pdo_sql_parser.re"
+#line 57 "ext/pdo/pdo_sql_parser.re"
{ RET(PDO_PARSER_TEXT); }
-#line 217 "ext/pdo/pdo_sql_parser.c"
+#line 218 "ext/pdo/pdo_sql_parser.c"
yy28:
if((YYLIMIT - YYCURSOR) < 2) YYFILL(2);
yych = *YYCURSOR;
@@ -233,7 +234,7 @@
goto yy27;
}
}
-#line 64 "ext/pdo/pdo_sql_parser.re"
+#line 65 "ext/pdo/pdo_sql_parser.re"
}
@@ -268,6 +269,10 @@
while((t = scan(&s)) != PDO_PARSER_EOI) {
if (t == PDO_PARSER_BIND || t == PDO_PARSER_BIND_POS) {
if (t == PDO_PARSER_BIND) {
+ int len = s.cur - s.tok;
+ if ((inquery < (s.cur - len)) &&
isalnum(*(s.cur - len - 1))) {
+ continue;
+ }
query_type |= PDO_PLACEHOLDER_NAMED;
} else {
query_type |= PDO_PLACEHOLDER_POSITIONAL;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
