|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2018-03-08 14:26 UTC] madboyka at yahoo dot com
Description:
------------
Trying to parse the value "[foo]\nbar=1|>baz" with process_sections = true and scanner_mode = INI_SCANNER_TYPED causes a segmentation fault in the php process.
Looks like PHP sees the | as a logical operator and tries to do something with it.
Doesn't matter whether parse_ini_string or parse_ini_file is used.
I tried this on:
Windows 10 with PHP 7.2.3
Ubuntu 16.04 with PHP 7.1.14-1+ubuntu16.04.1+deb.sury.org+1
CentOS 7.4.1708 with PHP 7.1.14
Test script:
---------------
parse_ini_string("[foo]\nbar=1|>baz",true, \INI_SCANNER_TYPED);
Expected result:
----------------
the code should run without errors and return ['foo'=> ['bar' => '1|>baz']]
Actual result:
--------------
produces segmentation fault
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 14:01:29 2024 UTC |
> the code should run without errors and return > ['foo'=> ['bar' => '1|>baz']] Assuming this return value would be incorrect, since the documentation[1] states: | If a value in the ini file contains any non-alphanumeric | characters it needs to be enclosed in double-quotes ("). However, a segfault must indeed not occur here. The problem is that `zend_ini_do_op()` assumes that the operands are strings[2], which is wrong, since in case of the given reproduce script, op1 `IS_LONG`. [1] <http://www.php.net/manual/en/function.parse-ini-file.php#refsect1-function.parse-ini-file-notes> [2] <https://github.com/php/php-src/blob/php-7.2.3/Zend/zend_ini_parser.y#L60-L63>