From: [EMAIL PROTECTED]
Operating system: Linux
PHP version: 5CVS-2007-01-30 (CVS)
PHP Bug Type: PDO related
Bug description: The prepare parser goes into an infinite loop.
Description:
------------
When running the reproduce code below the parser "pdo_parse_params" in
ext/pdo/pdo_sql_parser.re goes into an infinite loop. This is NOT
reproducible with re2c 0.9.12, but it is with 0.10.4 and 0.11.0.
When I re-generate the parser with 0.11.0 and the -d (debug) flag, and I
provide the YYDEBUG macro as follows (for example below the #define
YYFILL(n) macro definition:
#define YYDEBUG(s,c) { if (s != -1) { printf("state: %d ", s);
printf("[%c]\n", c); } }
the output is:
state: 0 [I]
state: 8 [I]
state: 9 [N]
state: 8 [N]
state: 9 [S]
state: 8 [S]
state: 9 [E]
state: 8 [E]
state: 9 [R]
state: 8 [R]
state: 9 [T]
state: 8 [T]
state: 9 [ ]
state: 8 [ ]
state: 9 [I]
state: 8 [I]
state: 9 [N]
state: 8 [N]
state: 9 [T]
state: 8 [T]
state: 9 [O]
state: 8 [O]
state: 9 [ ]
state: 8 [ ]
state: 9 [q]
state: 8 [q]
state: 9 [u]
state: 8 [u]
state: 9 [e]
state: 8 [e]
state: 9 [r]
state: 8 [r]
state: 9 [y]
state: 8 [y]
state: 9 [_]
state: 8 [_]
state: 9 [t]
state: 8 [t]
state: 9 [e]
state: 8 [e]
state: 9 [s]
state: 8 [s]
state: 9 [t]
state: 8 [t]
state: 9 [ ]
state: 8 [ ]
state: 9 [V]
state: 8 [V]
state: 9 [A]
state: 8 [A]
state: 9 [L]
state: 8 [L]
state: 9 [U]
state: 8 [U]
state: 9 [E]
state: 8 [E]
state: 9 [S]
state: 8 [S]
state: 9 [(]
state: 8 [(]
state: 9 [ ]
state: 8 [ ]
state: 9 [']
state: 10 [']
1
state: 0 [']
state: 4 [']
state: 19 [:]
state: 20 [:]
state: 19 [:]
state: 20 [:]
state: 19 [:]
state: 20 [:]
state: 19 [:]
state: 20 [:]
state: 19 [:]
and from there on it loops.
>From what I can see it has to do with some ambiguous rules for single
quoted strings and the SPECIALS token.
Reproduce code:
---------------
<?php
$d = new PDO('mysql:dbname=ezc;host=localhost', 'root');
$d->setAttribute( PDO::ATTR_EMULATE_PREPARES, true );
$s = $d->prepare("INSERT INTO query_test VALUES( ':id', 'name', 'section',
22)" );
$s->execute();
(you don't actually need the table "query_test").
Expected result:
----------------
The values ":id", "name", "section" and 22 are added into the table.
Actual result:
--------------
An infinite loop in states 19 and 20 of the re2c parser.
--
Edit bug report at http://bugs.php.net/?id=40285&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=40285&r=trysnapshot44
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=40285&r=trysnapshot52
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=40285&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=40285&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=40285&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=40285&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=40285&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=40285&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=40285&r=support
Expected behavior: http://bugs.php.net/fix.php?id=40285&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=40285&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=40285&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=40285&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=40285&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=40285&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=40285&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=40285&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=40285&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=40285&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=40285&r=mysqlcfg
