php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #64019 Segmentation fault if yaml anchor ends with a colon
Submitted: 2013-01-18 11:50 UTC Modified: 2013-11-16 21:25 UTC
From: alayn at irontec dot com Assigned: bd808 (profile)
Status: Closed Package: yaml (PECL)
PHP Version: 5.4.4 OS: Linux/Debian
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: alayn at irontec dot com
New email:
PHP Version: OS:

 

 [2013-01-18 11:50 UTC] alayn at irontec dot com 
Description:
------------
A Segmentation fault occurs if a colon is at the end of a Yaml anchor.

Test script:
---------------
test.yaml
----------
configAnchors:
  - &wrongAnchor:   # This last colon (:) makes the script die
    configKey: configValue

config:
  <<: *wrongAnchor

test.php
---------
<?php
yaml_parse_file('test.yaml');

Expected result:
----------------
PHP Warning:  yaml_parse_file(): scanning error encountered during parsing: did not find expected alphabetic or numeric character (line 2, column 17), context while scanning an anchor (line 2, column 5) in /path/to/test.php on line 2

Actual result:
--------------
Segmentation fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-01-21 22:22 UTC] alayn at irontec dot com 
I've been taking a deeper look in this issue and I can simplify the failing test 
to:

test.yaml
---------
config:
  <<: 
---------

I think the colon in the anchor just returns an empty value, so the problem is 
that an empty "merge" triggers the segmentation fault.

Maybe this line should just be ignored, without warnings?
 [2013-01-21 22:22 UTC] alayn at irontec dot com
-Operating System: +Operating System: Linux/Debian -PHP Version: Irrelevant +PHP Version: 5.4.4
 [2013-11-16 21:25 UTC] bd808@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: bd808
 [2013-11-16 21:25 UTC] bd808@php.net 
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.
 [2013-11-19 05:47 UTC] bd808@php.net 
Patch included in 1.1.1 release.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 12:01:30 2024 UTC