Hi guys,
----- Original Message -----
From: "Nuno Lopes"
Sent: Thursday, April 30, 2009
The patch looks generally ok. However I'll need a few more days to
review it carefully and throughly. (you can merge it in the meantime if
you want).
I'm just slighty concern with the amount of parsing we are now doing by
hand, and with the possible (local) security bugs we might be
introducing..
Am I understanding this properly, that this addresses the re2c EOF bug?
So we have an RC planned for next week (freeze Monday evening). Can you
get this fixed and released by then as Marcus is unable to do this
himself?
So this addresses some of the re2c EOF problems, but I don't know if it
addresses all of them or not. I haven't had the time yet for a full
review.
Anyway, Matt can surelly comment on this.
Yes, it addresses the re2c EOF issues for strings and comments, as they were
the problem ones that allowed NULL bytes, and scanned past the EOF NULL. As
I said to Dmitry, I'm not sure if it's now possible to remove the temporary
mmap() fixes that he wanted removed before the next RC (??), or if there
would still be problems with re2c scanning other tokens, even though they
can't contain NULLs. I didn't attempt to make any changes there, since I'm
not familiar with what's been done.
I just wanted to finally send the patch for others to review, and decide
what to do, so I won't commit any changes yet in the meantime. :-)
Nuno
- Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
