From a62760ca2cd18826347b622fa19519f2b4ca84a0 Mon Sep 17 00:00:00 2001 From: Marco Pivetta Date: Fri, 19 Dec 2014 00:23:51 +0100 Subject: [PATCH 1/5] #44 - test case to verify correct escaping of quotes in lexed strings --- .../Tests/Common/Annotations/DocLexerTest.php | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/tests/Doctrine/Tests/Common/Annotations/DocLexerTest.php b/tests/Doctrine/Tests/Common/Annotations/DocLexerTest.php index c09d7bbb3..e95bd25f8 100644 --- a/tests/Doctrine/Tests/Common/Annotations/DocLexerTest.php +++ b/tests/Doctrine/Tests/Common/Annotations/DocLexerTest.php @@ -165,4 +165,53 @@ public function testWithinDoubleQuotesVeryVeryLongStringWillNotOverflowPregSplit $this->assertInternalType('array', $lexer->glimpse()); } + + /** + * @group 44 + */ + public function testRecognizesDoubleQuotesEscapeSequence() + { + $lexer = new DocLexer(); + $docblock = '@Foo("""' . "\n" . '""")'; + + $tokens = array ( + array( + 'value' => '@', + 'position' => 0, + 'type' => DocLexer::T_AT, + ), + array( + 'value' => 'Foo', + 'position' => 1, + 'type' => DocLexer::T_IDENTIFIER, + ), + array( + 'value' => '(', + 'position' => 4, + 'type' => DocLexer::T_OPEN_PARENTHESIS, + ), + array( + 'value' => "\"\n\"", + 'position' => 5, + 'type' => DocLexer::T_STRING, + ), + array( + 'value' => ')', + 'position' => 12, + 'type' => DocLexer::T_CLOSE_PARENTHESIS, + ), + ); + + $lexer->setInput($docblock); + + foreach ($tokens as $expected) { + $lexer->moveNext(); + $lookahead = $lexer->lookahead; + $this->assertEquals($expected['value'], $lookahead['value']); + $this->assertEquals($expected['type'], $lookahead['type']); + $this->assertEquals($expected['position'], $lookahead['position']); + } + + $this->assertFalse($lexer->moveNext()); + } } From f177d96b5320c12fc78432626fe43de737713d23 Mon Sep 17 00:00:00 2001 From: Marco Pivetta Date: Fri, 19 Dec 2014 00:25:38 +0100 Subject: [PATCH 2/5] #44 - verifying correct paring of annotation with escaped quotes --- .../Tests/Common/Annotations/DocParserTest.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/Doctrine/Tests/Common/Annotations/DocParserTest.php b/tests/Doctrine/Tests/Common/Annotations/DocParserTest.php index 7d670a99e..d2511f018 100644 --- a/tests/Doctrine/Tests/Common/Annotations/DocParserTest.php +++ b/tests/Doctrine/Tests/Common/Annotations/DocParserTest.php @@ -1282,6 +1282,19 @@ public function testKeyHasNumber() $this->assertEquals(1, count($annots)); $this->assertEquals(array('foo' => 'test', 'bar2' => 'test'), $annots[0]->settings); } + + /** + * @group 44 + */ + public function testSupportsEscapedQuotedValues() + { + $result = $this->createTestParser()->parse('@Doctrine\Tests\Common\Annotations\Name(foo="""bar""")'); + + $this->assertCount(1, $result); + + $this->assertTrue($result[0] instanceof Name); + $this->assertEquals('"bar"', $result[0]->foo); + } } /** @Annotation */ From 918ba147b2b7e98259a96358da0d0183caa88a8c Mon Sep 17 00:00:00 2001 From: Marco Pivetta Date: Fri, 19 Dec 2014 01:43:48 +0100 Subject: [PATCH 3/5] #44 - reverting #44 patch by using a matcher that allows a longer sequence to be parsed Note that this doesn't solve the stack overflow issue with `preg_split()`, but just increases the size of the string that could be matched. --- lib/Doctrine/Common/Annotations/DocLexer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Doctrine/Common/Annotations/DocLexer.php b/lib/Doctrine/Common/Annotations/DocLexer.php index 29c504ccd..1ba1b9c4f 100644 --- a/lib/Doctrine/Common/Annotations/DocLexer.php +++ b/lib/Doctrine/Common/Annotations/DocLexer.php @@ -84,7 +84,7 @@ protected function getCatchablePatterns() return array( '[a-z_\\\][a-z0-9_\:\\\]*[a-z_][a-z0-9_]*', '(?:[+-]?[0-9]+(?:[\.][0-9]+)*)(?:[eE][+-]?[0-9]+)?', - '"(?:[^"])*"', + '"(?:""|[^"])*"', ); } From 028f4bf12265ac82bbfdb4ec12d66b629b11c441 Mon Sep 17 00:00:00 2001 From: Marco Pivetta Date: Sat, 20 Dec 2014 21:41:00 +0100 Subject: [PATCH 4/5] #44 - increasing tested string size to check for more possible stack overflows in `preg_split()` --- tests/Doctrine/Tests/Common/Annotations/DocLexerTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Doctrine/Tests/Common/Annotations/DocLexerTest.php b/tests/Doctrine/Tests/Common/Annotations/DocLexerTest.php index e95bd25f8..b9fe007f3 100644 --- a/tests/Doctrine/Tests/Common/Annotations/DocLexerTest.php +++ b/tests/Doctrine/Tests/Common/Annotations/DocLexerTest.php @@ -161,7 +161,7 @@ public function testWithinDoubleQuotesVeryVeryLongStringWillNotOverflowPregSplit { $lexer = new DocLexer(); - $lexer->setInput('"' . str_repeat('.', 10240) . '"'); + $lexer->setInput('"' . str_repeat('.', 20240) . '"'); $this->assertInternalType('array', $lexer->glimpse()); } From ceaf9ad7c16796dc90fd1e67ec7dc68dc37f05f9 Mon Sep 17 00:00:00 2001 From: Marco Pivetta Date: Sat, 20 Dec 2014 21:43:43 +0100 Subject: [PATCH 5/5] #44 - using a possessive quantifier to reduce likeliness of `preg_split()` internal overflows As per @stof's suggestion --- lib/Doctrine/Common/Annotations/DocLexer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Doctrine/Common/Annotations/DocLexer.php b/lib/Doctrine/Common/Annotations/DocLexer.php index 1ba1b9c4f..d864540e0 100644 --- a/lib/Doctrine/Common/Annotations/DocLexer.php +++ b/lib/Doctrine/Common/Annotations/DocLexer.php @@ -84,7 +84,7 @@ protected function getCatchablePatterns() return array( '[a-z_\\\][a-z0-9_\:\\\]*[a-z_][a-z0-9_]*', '(?:[+-]?[0-9]+(?:[\.][0-9]+)*)(?:[eE][+-]?[0-9]+)?', - '"(?:""|[^"])*"', + '"(?:""|[^"])*+"', ); }