php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

Patch fix-dateparse for *General Issues Bug #67251

Patch version 2014-05-12 02:35 UTC

Return to Bug #67251 | Download this patch
Patch Revisions:

Developer: stas@php.net

diff --git a/NEWS b/NEWS
index 03f8b87..ec1ad06 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@ PHP                                                                        NEWS
 
 - Date:
   . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
+  . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
 
 - DOM:
   . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
diff --git a/ext/date/lib/parse_date.c b/ext/date/lib/parse_date.c
index 47b4817..4b83451 100644
--- a/ext/date/lib/parse_date.c
+++ b/ext/date/lib/parse_date.c
@@ -1,4 +1,4 @@
-/* Generated by re2c 0.13.5 on Sat Jan 25 15:48:30 2014 */
+/* Generated by re2c 0.13.5 on Sun May 11 19:30:56 2014 */
 #line 1 "ext/date/lib/parse_date.re"
 /*
    +----------------------------------------------------------------------+
@@ -25124,6 +25124,10 @@ timelib_time *timelib_parse_from_format(char *format, char *string, int len, tim
 				break;
 
 			case '\\': /* escaped char */
+                if(!fptr[1]) {
+				    add_pbf_error(s, "Escaped character expected", string, begin);
+                    break;
+                }
 				fptr++;
 				if (*ptr == *fptr) {
 					++ptr;
diff --git a/ext/date/lib/parse_date.re b/ext/date/lib/parse_date.re
index 5b923d4..2a0687c 100644
--- a/ext/date/lib/parse_date.re
+++ b/ext/date/lib/parse_date.re
@@ -2131,6 +2131,10 @@ timelib_time *timelib_parse_from_format(char *format, char *string, int len, tim
 				break;
 
 			case '\\': /* escaped char */
+                if(!fptr[1]) {
+				    add_pbf_error(s, "Escaped character expected", string, begin);
+                    break;
+                }
 				fptr++;
 				if (*ptr == *fptr) {
 					++ptr;
diff --git a/ext/date/tests/bug67251.phpt b/ext/date/tests/bug67251.phpt
new file mode 100644
index 0000000..68c56a1
--- /dev/null
+++ b/ext/date/tests/bug67251.phpt
@@ -0,0 +1,38 @@
+--TEST--
+Bug #67251 (date_parse_from_format out-of-bounds read)
+--INI--
+date.timezone=Europe/Berlin
+--FILE--
+<?php
+var_dump(date_parse_from_format("\\","AAAABBBB"));
+--EXPECT--
+array(12) {
+  ["year"]=>
+  bool(false)
+  ["month"]=>
+  bool(false)
+  ["day"]=>
+  bool(false)
+  ["hour"]=>
+  bool(false)
+  ["minute"]=>
+  bool(false)
+  ["second"]=>
+  bool(false)
+  ["fraction"]=>
+  bool(false)
+  ["warning_count"]=>
+  int(0)
+  ["warnings"]=>
+  array(0) {
+  }
+  ["error_count"]=>
+  int(2)
+  ["errors"]=>
+  array(1) {
+    [0]=>
+    string(13) "Trailing data"
+  }
+  ["is_localtime"]=>
+  bool(false)
+}
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Mon Oct 15 12:01:26 2018 UTC