Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:43828 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 22607 invoked from network); 4 May 2009 07:40:18 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 May 2009 07:40:18 -0000 Authentication-Results: pb1.pair.com header.from=dmitry@zend.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=dmitry@zend.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain zend.com designates 212.25.124.185 as permitted sender) X-PHP-List-Original-Sender: dmitry@zend.com X-Host-Fingerprint: 212.25.124.185 il-mr1.zend.com Received: from [212.25.124.185] ([212.25.124.185:53046] helo=il-mr1.zend.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id FF/34-23981-0EB9EF94 for ; Mon, 04 May 2009 03:40:17 -0400 Received: from il-gw1.zend.com (unknown [10.1.1.21]) by il-mr1.zend.com (Postfix) with ESMTP id 34DC350489; Mon, 4 May 2009 11:27:52 +0300 (IDT) Received: from ws.home ([10.1.10.7]) by il-gw1.zend.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 4 May 2009 10:40:12 +0300 Message-ID: <49FE9BDA.3020603@zend.com> Date: Mon, 04 May 2009 11:40:10 +0400 User-Agent: Thunderbird 2.0.0.21 (X11/20090320) MIME-Version: 1.0 To: Matt Wilmas CC: internals@lists.php.net, Nuno Lopes , Lukas Kahwe Smith , shire@php.net References: <6604D94D40FD465F992144110B075BB5@pc1> <9D5D4CBF-5CB1-47EC-81F4-59E3C48EEEEF@pooteeweet.org> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 04 May 2009 07:40:12.0184 (UTC) FILETIME=[8E9B6980:01C9CC8B] Subject: Re: [PHP-DEV] [PATCH] Scanner "diet" with fixes, etc. From: dmitry@zend.com (Dmitry Stogov) Hi Matt, I wasn't able to look into all details of the patch, but in general I like it, as it fixes bugs and makes scanner smaller. I think you can commit it. Although this patch doesn't fix the EOF handling related to mmap(). Thanks. Dmitry. Matt Wilmas wrote: > Hi guys, > > ----- Original Message ----- > From: "Nuno Lopes" > Sent: Thursday, April 30, 2009 > >>>> The patch looks generally ok. However I'll need a few more days to >>>> review it carefully and throughly. (you can merge it in the >>>> meantime if you want). >>>> I'm just slighty concern with the amount of parsing we are now >>>> doing by hand, and with the possible (local) security bugs we might >>>> be introducing.. >>> >>> >>> Am I understanding this properly, that this addresses the re2c EOF >>> bug? So we have an RC planned for next week (freeze Monday evening). >>> Can you get this fixed and released by then as Marcus is unable to >>> do this himself? >> >> So this addresses some of the re2c EOF problems, but I don't know if >> it addresses all of them or not. I haven't had the time yet for a full >> review. >> Anyway, Matt can surelly comment on this. > > Yes, it addresses the re2c EOF issues for strings and comments, as they > were the problem ones that allowed NULL bytes, and scanned past the EOF > NULL. As I said to Dmitry, I'm not sure if it's now possible to remove > the temporary mmap() fixes that he wanted removed before the next RC > (??), or if there would still be problems with re2c scanning other > tokens, even though they can't contain NULLs. I didn't attempt to make > any changes there, since I'm not familiar with what's been done. > > I just wanted to finally send the patch for others to review, and decide > what to do, so I won't commit any changes yet in the meantime. :-) > >> Nuno > > > - Matt