Commit ba4567a

authored

Fix OSS-Fuzz #416302790 (php#18537)

The parser accepted invalid code: consts are only valid at the top level, but because phpGH-16952 changed the grammar it was incorrectly allowed at all places that allowed attributed statements. Fix this by introducing a variant of attributed_statement for the top level.

1 parent 5e65d8e commit ba4567aCopy full SHA for ba4567a

File tree

2 files changed

+17

-3

lines changed

Zend
- tests/constants
  - oss_fuzz_416302790.phpt
- zend_language_parser.y

2 files changed

+17

-3

lines changed

`‎Zend/tests/constants/oss_fuzz_416302790.phpt‎`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,10 @@`
	`1`	`+--TEST--`
	`2`	`+OSS-Fuzz #416302790`
	`3`	`+--FILE--`
	`4`	`+<?php`
	`5`	`+function x(){`
	`6`	`+ #[Attr] const X = 1;`
	`7`	`+}`
	`8`	`+?>`
	`9`	`+--EXPECTF--`
	`10`	`+Parse error: syntax error, unexpected token "const" in %s on line %d`

`‎Zend/zend_language_parser.y‎`

Lines changed: 7 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -279,7 +279,7 @@ static YYSIZE_T zend_yytnamerr(char, const char);`
`279`	`279`	`%type <ast> isset_variable type return_type type_expr type_without_static`
`280`	`280`	`%type <ast> identifier type_expr_without_static union_type_without_static_element union_type_without_static intersection_type_without_static`
`281`	`281`	`%type <ast> inline_function union_type_element union_type intersection_type`
`282`		`-%type <ast> attributed_statement attributed_class_statement attributed_parameter`
	`282`	`+%type <ast> attributed_statement attributed_top_statementattributed_class_statement attributed_parameter`
`283`	`283`	`%type <ast> attribute_decl attribute attributes attribute_group namespace_declaration_name`
`284`	`284`	`%type <ast> match match_arm_list non_empty_match_arm_list match_arm match_arm_cond_list`
`285`	`285`	`%type <ast> enum_declaration_statement enum_backing_type enum_case enum_case_expr`
`@@ -391,13 +391,17 @@ attributed_statement:`
`391`	`391`	`\| trait_declaration_statement { $$ = 1ドル; }`
`392`	`392`	`\| interface_declaration_statement { $$ = 1ドル; }`
`393`	`393`	`\| enum_declaration_statement { $$ = 1ドル; }`
	`394`	`+;`
	`395`	`+`
	`396`	`+attributed_top_statement:`
	`397`	`+ attributed_statement { $$ = 1ドル; }`
`394`	`398`	`\| T_CONST const_list ';' { $$ = 2ドル; }`
`395`	`399`	`;`
`396`	`400`
`397`	`401`	`top_statement:`
`398`	`402`	`statement { $$ = 1ドル; }`
`399`		`- \| attributed_statement { $$ = 1ドル; }`
`400`		`- \| attributes attributed_statement { $$ = zend_ast_with_attributes(2ドル, 1ドル); }`
	`403`	`+ \| attributed_top_statement { $$ = 1ドル; }`
	`404`	`+ \| attributes attributed_top_statement { $$ = zend_ast_with_attributes(2ドル, 1ドル); }`
`401`	`405`	`\| T_HALT_COMPILER '(' ')' ';'`
`402`	`406`	`{ $$ = zend_ast_create(ZEND_AST_HALT_COMPILER,`
`403`	`407`	`zend_ast_create_zval_from_long(zend_get_scanned_file_offset()));`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit ba4567a

File tree

2 files changed

2 files changed

`‎Zend/tests/constants/oss_fuzz_416302790.phpt‎`

`‎Zend/zend_language_parser.y‎`

0 commit comments