z7zmey / php-parser

PHP parser written in Go

Home Page: https://php-parser.com


panic: runtime error: index out of range && invalid memory address or nil pointer dereference

bayandin opened this issue

I'm playing with go-fuzz and have found a couple of crashes:

  1. The first one is easy to reproduce from the command line:

```
echo -e "<?<<<'S'\n" > boom.php && php-parser boom.php
panic: runtime error: index out of range

goroutine 20 [running]:
github.com/z7zmey/php-parser/scanner.(*Lexer).createToken(0xc000104000, 0xc00010d284, 0x0, 0x0, 0xc0001000a0)
	/Users/bayandin/go/src/github.com/z7zmey/php-parser/scanner/lexer.go:148 +0x2c6
github.com/z7zmey/php-parser/scanner.(*Lexer).Lex(0xc000104000, 0x12dd360, 0xc000082e00, 0xe048)
	/Users/bayandin/go/src/github.com/z7zmey/php-parser/scanner/scanner.go:8689 +0x3a8b
github.com/z7zmey/php-parser/php7.(*Parser).Lex(0xc000068100, 0xc000082e00, 0xe048)
	/Users/bayandin/go/src/github.com/z7zmey/php-parser/php7/parser.go:43 +0x44
github.com/z7zmey/php-parser/php7.yylex1(0x12dd960, 0xc000068100, 0xc000082e00, 0xe048, 0x4a)
	yaccpar:119 +0x56
github.com/z7zmey/php-parser/php7.(*yyParserImpl).Parse(0xc000082e00, 0x12dd960, 0xc000068100, 0x0)
	yaccpar:204 +0x50b8d
github.com/z7zmey/php-parser/php7.yyParse(...)
	yaccpar:153
github.com/z7zmey/php-parser/php7.(*Parser).Parse(0xc000068100, 0xc000068100)
	/Users/bayandin/go/src/github.com/z7zmey/php-parser/php7/parser.go:72 +0xcb
main.parserWorker(0xc0000a4120, 0xc0000a41e0)
	/Users/bayandin/go/src/github.com/z7zmey/php-parser/main.go:117 +0x3b
created by main.main
	/Users/bayandin/go/src/github.com/z7zmey/php-parser/main.go:63 +0x3b0
```

  2. The second one came from the example in the README with a bit of special data:

```go
package main

import (
	"bytes"
	"os"

	"github.com/z7zmey/php-parser/php7"
	"github.com/z7zmey/php-parser/visitor"
)

func main() {
	data := []byte("<?{")

	src := bytes.NewBufferString(string(data))

	parser := php7.NewParser(src, "example.php")
	parser.Parse()

	visitor := visitor.Dumper{
		Writer: os.Stdout,
		Indent: "",
	}

	rootNode := parser.GetRootNode()
	rootNode.Walk(&visitor) // Boom!
}
```

```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x1138f90]

goroutine 1 [running]:
main.main()
	/Users/bayandin/go/src/github.com/z7zmey/php-parser/test.go:25 +0x1f0
exit status 2
```

I use go version go1.12.9 darwin/amd64

Hi @bayandin. I have fixed only the issue with the unclosed HereDoc. The second one requires additional research and will be fixed with #55
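
A caller-side guard against both crash shapes reported in this thread, as an added example that is not part of the issue or of php-parser's code. `Node`, `Parser`, `SafeParse`, `ErrNoRoot` and the two stub parsers are hypothetical names that mirror only the calls shown in the report, so the block runs without the library.

```go
package main

import (
	"errors"
	"fmt"
)

// Node and Parser are hypothetical stand-ins mirroring only the calls in the
// report (Parse, GetRootNode, Walk); they are not the php-parser types.
type Node interface{ Walk(visit func(Node)) }

type Parser interface {
	Parse() int
	GetRootNode() Node
}

var ErrNoRoot = errors.New("parse failed: no root node")

// SafeParse must run in the goroutine that calls Parse: recover() cannot catch
// a panic from another goroutine, and an unrecovered one kills the process.
func SafeParse(p Parser) (root Node, err error) {
	defer func() {
		if r := recover(); r != nil { // crash 1: panic inside the lexer
			root, err = nil, fmt.Errorf("parser panicked: %v", r)
		}
	}()
	p.Parse()
	if root = p.GetRootNode(); root == nil {
		return nil, ErrNoRoot // crash 2: calling Walk on a nil root
	}
	return root, nil
}

// Constructed stubs that reproduce the two failure shapes without the library.
type oobParser struct{ buf []byte }

func (p oobParser) Parse() int        { return int(p.buf[len(p.buf)]) } // index out of range
func (p oobParser) GetRootNode() Node { return nil }

type noRootParser struct{}

func (noRootParser) Parse() int        { return 1 }
func (noRootParser) GetRootNode() Node { return nil }

func main() {
	for _, p := range []Parser{oobParser{}, noRootParser{}} {
		fmt.Println(SafeParse(p))
	}
}
```

Recovering keeps a process that parses untrusted PHP alive when the parser panics; the lexer defect itself still needs the upstream fix.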