Closed bayandin closed 3 years ago
I'm playing with go-fuzz and have found a couple of crashes:
```
echo -e "<?<<<'S'\n" > boom.php && php-parser boom.php
```

```
panic: runtime error: index out of range

goroutine 20 [running]:
github.com/z7zmey/php-parser/scanner.(*Lexer).createToken(0xc000104000, 0xc00010d284, 0x0, 0x0, 0xc0001000a0)
	/Users/bayandin/go/src/github.com/z7zmey/php-parser/scanner/lexer.go:148 +0x2c6
github.com/z7zmey/php-parser/scanner.(*Lexer).Lex(0xc000104000, 0x12dd360, 0xc000082e00, 0xe048)
	/Users/bayandin/go/src/github.com/z7zmey/php-parser/scanner/scanner.go:8689 +0x3a8b
github.com/z7zmey/php-parser/php7.(*Parser).Lex(0xc000068100, 0xc000082e00, 0xe048)
	/Users/bayandin/go/src/github.com/z7zmey/php-parser/php7/parser.go:43 +0x44
github.com/z7zmey/php-parser/php7.yylex1(0x12dd960, 0xc000068100, 0xc000082e00, 0xe048, 0x4a)
	yaccpar:119 +0x56
github.com/z7zmey/php-parser/php7.(*yyParserImpl).Parse(0xc000082e00, 0x12dd960, 0xc000068100, 0x0)
	yaccpar:204 +0x50b8d
github.com/z7zmey/php-parser/php7.yyParse(...)
	yaccpar:153
github.com/z7zmey/php-parser/php7.(*Parser).Parse(0xc000068100, 0xc000068100)
	/Users/bayandin/go/src/github.com/z7zmey/php-parser/php7/parser.go:72 +0xcb
main.parserWorker(0xc0000a4120, 0xc0000a41e0)
	/Users/bayandin/go/src/github.com/z7zmey/php-parser/main.go:117 +0x3b
created by main.main
	/Users/bayandin/go/src/github.com/z7zmey/php-parser/main.go:63 +0x3b0
```
```go
package main

import (
	"bytes"
	"os"

	"github.com/z7zmey/php-parser/php7"
	"github.com/z7zmey/php-parser/visitor"
)

func main() {
	// Input that triggers the crash.
	data := []byte("<?{")

	src := bytes.NewBufferString(string(data))
	parser := php7.NewParser(src, "example.php")
	parser.Parse()

	// Dump the AST to stdout.
	visitor := visitor.Dumper{
		Writer: os.Stdout,
		Indent: "",
	}
	rootNode := parser.GetRootNode()
	rootNode.Walk(&visitor) // Boom!
}
```

```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x1138f90]

goroutine 1 [running]:
main.main()
	/Users/bayandin/go/src/github.com/z7zmey/php-parser/test.go:25 +0x1f0
exit status 2
```
I use go version go1.12.9 darwin/amd64
Hi @bayandin. I have fixed only the issue with the unclosed HereDoc. The second one requires additional research and will be fixed with #55