Bug #24550 tokenizing & syntax highlighting crashes
Submitted: 2003-07-08 17:13 UTC Modified: 2004-03-08 02:50 UTC
From: hos dot endre at axelero dot hu Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: CVS HEAD OS: Windows XP
Private report: No CVE-ID: None
 [2003-07-08 17:13 UTC] hos dot endre at axelero dot hu
Description:
------------
The tokenizer function (token_get_all) crashes and Apache goes down immediately when the newly introduced __METHOD__ constant is found in the script. It works fine with the __FUNCTION__ constant, so for now I'm going to use __FUNCTION__ in my script, but this might be a problem one day for others...
I guess the sample code won't crash before PHP5, because if I write anything else instead of __METHOD__, the parser assumes that it's ok! The compiler handles this constant, so the script works well with __METHOD__, but it should be untokenizable for documentation generators. Now I tried syntax highlighting: same result, as I expected.
By the way: in the sample code I use __METHOD__ outside of a method; originally the problem came up in a method's body.

Reproduce code:
---------------
// I hope you like this - the shortest crasher formula:
highlight_string('<?__METHOD__');

Expected result:
----------------
I expect crash.

Actual result:
--------------
Doctor, what's on?

 [2003-07-09 06:47 UTC] sniper@php.net
[Switching to Thread 1024 (runnable)]
lex_scan (zendlval=0xbffff2b8) at /usr/src/web/php/php5/Zend/zend_language_scanner.l:988
988             char *func_name = CG(active_op_array)->function_name;
(gdb) bt
#0  lex_scan (zendlval=0xbffff2b8) at /usr/src/web/php/php5/Zend/zend_language_scanner.l:988
#1  0x813f070 in zend_highlight (syntax_highlighter_ini=0xbffff354) at /usr/src/web/php/php5/Zend/zend_highlight.c:176
#2  0x81313db in highlight_string (str=0x40298ccc, syntax_highlighter_ini=0xbffff354, 
    str_name=0x402992d4 "Command line code(1) : highlighted code")
    at /usr/src/web/php/php5/Zend/zend_language_scanner.l:461
#3  0x80c8094 in zif_highlight_string (ht=1, return_value=0x402992b4, this_ptr=0x0, return_value_used=0)
    at /usr/src/web/php/php5/ext/standard/basic_functions.c:2251
#4  0x816b63d in zend_do_fcall_common_helper (execute_data=0xbffff43c, op_array=0x4029905c)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2664
#5  0x816bbc2 in zend_do_fcall_handler (execute_data=0xbffff43c, op_array=0x4029905c)
    at /usr/src/web/php/php5/Zend/zend_execute.c:2793
#6  0x815bc54 in execute (op_array=0x4029905c) at /usr/src/web/php/php5/Zend/zend_execute.c:1266
#7  0x813ea61 in zend_eval_string (str=0xbffff7d7 "highlight_string('<?__METHOD__');", retval_ptr=0x0, 
    string_name=0x81ae354 "Command line code") at /usr/src/web/php/php5/Zend/zend_execute_API.c:803
#8  0x8175114 in main (argc=3, argv=0xbffff674) at /usr/src/web/php/php5/sapi/cli/php_cli.c:1001
#9  0x401b19cb in __libc_start_main (main=0x8174378 <main>, argc=3, argv=0xbffff674, init=0x80696a0 <_init>, 
    fini=0x8175724 <_fini>, rtld_fini=0x4000aea0 <_dl_fini>, stack_end=0xbffff66c)
    at ../sysdeps/generic/libc-start.c:92
(gdb) 

 [2003-07-27 07:25 UTC] stas@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 [2004-03-07 23:52 UTC] cellog@php.net
token_get_all('<?php ; __METHOD__');

crashes in zend_language_scanner.l on line 1267

	char *func_name = CG(active_op_array)? CG(active_op_array)->function_name : NULL;

As near as I can tell, active_op_array doesn't exist.  I suspect the tokenizer does not properly prepare for parsing, but have no idea how to investigate further.  I need this one to be fixed for phpDocumentor 2.0 to work at all with __METHOD__ in source code.

Thanks,
Greg
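
The guard quoted in the comment above, shown in a small stand-alone C model. This is an added example, not PHP source and not part of the original comment; the struct, the global and the function names are hypothetical stand-ins for the compiler state. It shows why a scanner entered from a highlighter or tokenizer, with no function being compiled, must check the context pointer before reading the function name.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for the compiler globals. */
struct op_array { const char *function_name; };
struct compiler_globals {
    struct op_array *active_op_array;  /* set only while a function is compiled */
    const char *active_class_name;     /* NULL outside a class */
};
static struct compiler_globals cg;     /* zero-initialised: no compile in progress */

/* Write the text for a __METHOD__-style constant into buf and return its length.
 * Tolerates the scan-only case where no op_array was ever set up. */
size_t scan_method_constant(char *buf, size_t cap)
{
    const char *func = cg.active_op_array ? cg.active_op_array->function_name : NULL;
    const char *cls = cg.active_class_name;
    int n = snprintf(buf, cap, "%s%s%s", cls ? cls : "",
                     (cls && func) ? "::" : "", func ? func : "");
    if (n < 0 || cap == 0) return 0;
    return (size_t)n < cap ? (size_t)n : cap - 1;   /* length actually stored */
}

/* Entry point 1: scan only, the way a highlighter or tokenizer enters. */
size_t scan_only(char *buf, size_t cap)
{
    cg.active_op_array = NULL;
    cg.active_class_name = NULL;
    return scan_method_constant(buf, cap);
}

/* Entry point 2: scan while compiling function `name` of class `cls` (may be NULL). */
size_t scan_while_compiling(const char *cls, const char *name, char *buf, size_t cap)
{
    struct op_array op = { name };
    size_t n;
    cg.active_op_array = &op;
    cg.active_class_name = cls;
    n = scan_method_constant(buf, cap);
    cg.active_op_array = NULL;          /* never leave a pointer to a dead local */
    cg.active_class_name = NULL;
    return n;
}

int main(void)
{
    char buf[64];
    scan_only(buf, sizeof buf);
    printf("scan only: \"%s\"\n", buf);
    scan_while_compiling("Foo", "bar", buf, sizeof buf);
    printf("compiling: \"%s\"\n", buf);
    return 0;
}
```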
 [2004-03-07 23:55 UTC] cellog@php.net
Found it.

Index: ext/tokenizer/tokenizer.c
===================================================================
RCS file: /repository/php-src/ext/tokenizer/tokenizer.c,v
retrieving revision 1.28
diff -u -r1.28 tokenizer.c
--- ext/tokenizer/tokenizer.c	2 Mar 2004 17:51:46 -0000	1.28
+++ ext/tokenizer/tokenizer.c	8 Mar 2004 05:03:31 -0000
@@ -257,6 +257,7 @@
 	REGISTER_LONG_CONSTANT("T_ARRAY", T_ARRAY, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("T_CLASS_C", T_CLASS_C, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("T_FUNC_C", T_FUNC_C, CONST_CS | CONST_PERSISTENT);
+	REGISTER_LONG_CONSTANT("T_METHOD_C", T_FUNC_C, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("T_LINE", T_LINE, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("T_FILE", T_FILE, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("T_COMMENT", T_COMMENT, CONST_CS | CONST_PERSISTENT);
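Review bot: the added REGISTER_LONG_CONSTANT line registers the name "T_METHOD_C" with the value T_FUNC_C, so a script comparing a token id against T_METHOD_C would actually be comparing against T_FUNC_C. The second hunk treats T_METHOD_C as its own case label next to T_FUNC_C, so the two ids are distinct; the second argument here should be T_METHOD_C.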
@@ -470,6 +471,7 @@
 		case T_ARRAY: return "T_ARRAY";
 		case T_CLASS_C: return "T_CLASS_C";
 		case T_FUNC_C: return "T_FUNC_C";
+		case T_METHOD_C: return "T_METHOD_C";
 		case T_LINE: return "T_LINE";
 		case T_FILE: return "T_FILE";
 		case T_COMMENT: return "T_COMMENT";
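Review bot: this hunk and the one above change only the name tables in ext/tokenizer/tokenizer.c and come with no test. A regression test that runs the token_get_all('<?php ; __METHOD__') call from this thread and checks that the token is named T_METHOD_C would confirm that the new case label is reached and that the registered constant matches the id it maps.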

 [2004-03-08 02:50 UTC] derick@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
Last updated: Sat May 18 00:01:33 2024 UTC