Fix invalid characters passed to hexdec function
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
MauricioFauth committed Sep 16, 2023
1 parent 3a02ade commit dd1e775
Showing 7 changed files with 251 additions and 41 deletions.
2 changes: 1 addition & 1 deletion src/Token.php
Expand Up @@ -254,8 +254,8 @@ public function extract()
case self::TYPE_NUMBER:
$ret = str_replace('--', '', $this->token); // e.g. ---42 === -42
if ($this->flags & self::FLAG_NUMBER_HEX) {
$ret = str_replace(['-', '+'], '', $this->token);
if ($this->flags & self::FLAG_NUMBER_NEGATIVE) {
$ret = str_replace('-', '', $this->token);
$ret = -hexdec($ret);
} else {
$ret = hexdec($ret);
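Review bot: The added `str_replace(['-', '+'], '', $this->token)` removes only the two sign characters, so `hexdec()` still receives whatever else the lexer may place in a FLAG_NUMBER_HEX token. Since PHP 7.4 it raises a deprecation for any non-hex character (the `0x` prefix aside) and computes a value from the remainder. Whether the lexer guarantees that only leading signs, `0x` and hex digits reach this branch cannot be confirmed from the hunk. If it does, `ltrim($this->token, '+-')` states that assumption more precisely and does not silently drop a sign from the middle of a token. The line also deserves a comment in the style of the one above it, e.g. `// hexdec() does not accept sign characters; the sign comes from FLAG_NUMBER_NEGATIVE`. extract() starts and ends outside the hunk.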
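--- a/tests/data/bugs/fuzz5.in
+++ b/tests/data/bugs/fuzz5.in
@@ -0,0 +1 @@
++0xO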
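--- a/tests/data/bugs/fuzz5.out
+++ b/tests/data/bugs/fuzz5.out
@@ -0,0 +1,76 @@
+{
+"query": "+0xO",
+"lexer": {
+"@type": "PhpMyAdmin\\SqlParser\\Lexer",
+"str": "+0xO",
+"len": 4,
+"last": 4,
+"list": {
+"@type": "PhpMyAdmin\\SqlParser\\TokensList",
+"tokens": [
+{
+"@type": "PhpMyAdmin\\SqlParser\\Token",
+"token": "+0x",
+"value": 0,
+"keyword": null,
+"type": 6,
+"flags": 1,
+"position": 0
+},
+{
+"@type": "PhpMyAdmin\\SqlParser\\Token",
+"token": "O",
+"value": "O",
+"keyword": null,
+"type": 0,
+"flags": 0,
+"position": 3
+},
+{
+"@type": "PhpMyAdmin\\SqlParser\\Token",
+"token": null,
+"value": null,
+"keyword": null,
+"type": 9,
+"flags": 0,
+"position": null
+}
+],
+"count": 3,
+"idx": 3
+},
+"delimiter": ";",
+"delimiterLen": 1,
+"strict": false,
+"errors": []
+},
+"parser": {
+"@type": "PhpMyAdmin\\SqlParser\\Parser",
+"list": {
+"@type": "@1"
+},
+"statements": [],
+"brackets": 0,
+"strict": false,
+"errors": []
+},
+"errors": {
+"lexer": [],
+"parser": [
+[
+"Unexpected beginning of statement.",
+{
+"@type": "@2"
+},
+0
+],
+[
+"Unexpected beginning of statement.",
+{
+"@type": "@3"
+},
+0
+]
+]
+}
+}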
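--- a/tests/data/bugs/fuzz6.in
+++ b/tests/data/bugs/fuzz6.in
@@ -0,0 +1 @@
+-+0x!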
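--- a/tests/data/bugs/fuzz6.out
+++ b/tests/data/bugs/fuzz6.out
@@ -0,0 +1,69 @@
+{
+"query": "-+0x!",
+"lexer": {
+"@type": "PhpMyAdmin\\SqlParser\\Lexer",
+"str": "-+0x!",
+"len": 5,
+"last": 5,
+"list": {
+"@type": "PhpMyAdmin\\SqlParser\\TokensList",
+"tokens": [
+{
+"@type": "PhpMyAdmin\\SqlParser\\Token",
+"token": "-+0x",
+"value": 0,
+"keyword": null,
+"type": 6,
+"flags": 9,
+"position": 0
+},
+{
+"@type": "PhpMyAdmin\\SqlParser\\Token",
+"token": "!",
+"value": "!",
+"keyword": null,
+"type": 2,
+"flags": 2,
+"position": 4
+},
+{
+"@type": "PhpMyAdmin\\SqlParser\\Token",
+"token": null,
+"value": null,
+"keyword": null,
+"type": 9,
+"flags": 0,
+"position": null
+}
+],
+"count": 3,
+"idx": 3
+},
+"delimiter": ";",
+"delimiterLen": 1,
+"strict": false,
+"errors": []
+},
+"parser": {
+"@type": "PhpMyAdmin\\SqlParser\\Parser",
+"list": {
+"@type": "@1"
+},
+"statements": [],
+"brackets": 0,
+"strict": false,
+"errors": []
+},
+"errors": {
+"lexer": [],
+"parser": [
+[
+"Unexpected beginning of statement.",
+{
+"@type": "@2"
+},
+0
+]
+]
+}
+}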
4 changes: 2 additions & 2 deletions tests/data/lexer/lexNumber.in
@@ -1,3 +1,3 @@
SELECT 12, 34, 5.67, 0x89, -10, --11, +12, .15, 0xFFa, 0xfFA, -0xFFa, -0xfFA, 1e-10, 1e10, .5e10, b'10';
SELECT 12, 34, 5.67, 0x89, -10, --11, +12, .15, 0xFFa, 0xfFA, +0xfFA, -0xFFa, -0xfFA, 1e-10, 1e10, .5e10, b'10';
-- invalid numbers
SELECT 12ex10, b'15', 0XFfA, -0XFfA;
SELECT 12ex10, b'15', 0XFfA, -0XFfA, +0XFfA;
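Review bot: None of the added cases pins the sign of a mixed-sign hex literal that carries digits. The valid row gains only `+0xfFA`, and the `-+0x!` fuzz fixture on this page produces value 0, where a wrong sign would go unnoticed. Adding a literal such as `-+0xFFa` to the first SELECT would exercise the new sign stripping together with the negative flag, assuming the lexer keeps `-+0x…` as a single number token, as the fuzz6 output suggests.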