Fixed parsing of unterminated variables.

nijel · nijel · commit 0c5d8750d06e · 2017-01-20T14:01:02.000+01:00
Fixes phpmyadmin/phpmyadmin#12894 Signed-off-by: Michal Čihař <michal@cihar.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@
 
 * Coding style fixes.
 * Fixed indentation in HTML formatting.
+* Fixed parsing of unterminated variables.
 
 ## [3.4.16] - 2017-01-06
 
diff --git a/src/Lexer.php b/src/Lexer.php
@@ -889,7 +889,7 @@ public function parseSymbol()
         }
 
         if ($flags & Token::FLAG_SYMBOL_VARIABLE) {
-            if ($this->str[++$this->last] === '@') {
+            if ($this->last + 1 < $this->len && $this->str[++$this->last] === '@') {
                 // This is a system variable (e.g. `@@hostname`).
                 $token .= $this->str[$this->last++];
                 $flags |= Token::FLAG_SYMBOL_SYSTEM;
diff --git a/tests/Parser/SelectStatementTest.php b/tests/Parser/SelectStatementTest.php
@@ -37,6 +37,7 @@ public function testSelectProvider()
             array('parser/parseSelect10'),
             array('parser/parseSelect11'),
             array('parser/parseSelectErr1'),
+            array('parser/parseSelectErr2'),
             array('parser/parseSelectNested'),
             array('parser/parseSelectCase1'),
             array('parser/parseSelectCase2'),
diff --git a/tests/data/parser/parseSelectErr2.in b/tests/data/parser/parseSelectErr2.in
@@ -0,0 +1 @@
+select * from foobar where foo = @
diff --git a/tests/data/parser/parseSelectErr2.out b/tests/data/parser/parseSelectErr2.out
@@ -0,0 +1,4 @@
+a:4:{s:5:"query";s:35:"select * from foobar where foo = @
+";s:5:"lexer";O:15:"SqlParser\Lexer":8:{s:6:"strict";b:0;s:3:"str";s:35:"select * from foobar where foo = @
+";s:3:"len";i:35;s:4:"last";i:35;s:4:"list";O:20:"SqlParser\TokensList":3:{s:6:"tokens";a:16:{i:0;O:15:"SqlParser\Token":5:{s:5:"token";s:6:"select";s:5:"value";s:6:"SELECT";s:4:"type";i:1;s:5:"flags";i:3;s:8:"position";i:0;}i:1;O:15:"SqlParser\Token":5:{s:5:"token";s:1:" ";s:5:"value";s:1:" ";s:4:"type";i:3;s:5:"flags";i:0;s:8:"position";i:6;}i:2;O:15:"SqlParser\Token":5:{s:5:"token";s:1:"*";s:5:"value";s:1:"*";s:4:"type";i:2;s:5:"flags";i:1;s:8:"position";i:7;}i:3;O:15:"SqlParser\Token":5:{s:5:"token";s:1:" ";s:5:"value";s:1:" ";s:4:"type";i:3;s:5:"flags";i:0;s:8:"position";i:8;}i:4;O:15:"SqlParser\Token":5:{s:5:"token";s:4:"from";s:5:"value";s:4:"FROM";s:4:"type";i:1;s:5:"flags";i:3;s:8:"position";i:9;}i:5;O:15:"SqlParser\Token":5:{s:5:"token";s:1:" ";s:5:"value";s:1:" ";s:4:"type";i:3;s:5:"flags";i:0;s:8:"position";i:13;}i:6;O:15:"SqlParser\Token":5:{s:5:"token";s:6:"foobar";s:5:"value";s:6:"foobar";s:4:"type";i:0;s:5:"flags";i:0;s:8:"position";i:14;}i:7;O:15:"SqlParser\Token":5:{s:5:"token";s:1:" ";s:5:"value";s:1:" ";s:4:"type";i:3;s:5:"flags";i:0;s:8:"position";i:20;}i:8;O:15:"SqlParser\Token":5:{s:5:"token";s:5:"where";s:5:"value";s:5:"WHERE";s:4:"type";i:1;s:5:"flags";i:3;s:8:"position";i:21;}i:9;O:15:"SqlParser\Token":5:{s:5:"token";s:1:" ";s:5:"value";s:1:" ";s:4:"type";i:3;s:5:"flags";i:0;s:8:"position";i:26;}i:10;O:15:"SqlParser\Token":5:{s:5:"token";s:3:"foo";s:5:"value";s:3:"foo";s:4:"type";i:0;s:5:"flags";i:0;s:8:"position";i:27;}i:11;O:15:"SqlParser\Token":5:{s:5:"token";s:1:" ";s:5:"value";s:1:" ";s:4:"type";i:3;s:5:"flags";i:0;s:8:"position";i:30;}i:12;O:15:"SqlParser\Token":5:{s:5:"token";s:1:"=";s:5:"value";s:1:"=";s:4:"type";i:2;s:5:"flags";i:2;s:8:"position";i:31;}i:13;O:15:"SqlParser\Token":5:{s:5:"token";s:1:" ";s:5:"value";s:1:" ";s:4:"type";i:3;s:5:"flags";i:0;s:8:"position";i:32;}i:14;O:15:"SqlParser\Token":5:{s:5:"token";s:1:"@";s:5:"value";s:0:"";s:4:"type";i:8;s:5:"flags";i:1;s:8:"position";i:33;}i:15;O:15:"SqlParser\Token":5:{s:5:"token";N;s:5:"value";N;s:4:"type";i:9;s:5:"flags";i:0;s:8:"position";N;}}s:5:"count";i:16;s:3:"idx";i:16;}s:9:"delimiter";s:1:";";s:12:"delimiterLen";i:1;s:6:"errors";a:0:{}}s:6:"parser";O:16:"SqlParser\Parser":5:{s:4:"list";r:8;s:6:"strict";b:0;s:6:"errors";a:0:{}s:10:"statements";a:1:{i:0;O:36:"SqlParser\Statements\SelectStatement":16:{s:4:"expr";a:1:{i:0;O:31:"SqlParser\Components\Expression":7:{s:8:"database";N;s:5:"table";N;s:6:"column";N;s:4:"expr";s:1:"*";s:5:"alias";N;s:8:"function";N;s:8:"subquery";N;}}s:4:"from";a:1:{i:0;O:31:"SqlParser\Components\Expression":7:{s:8:"database";N;s:5:"table";s:6:"foobar";s:6:"column";N;s:4:"expr";s:6:"foobar";s:5:"alias";N;s:8:"function";N;s:8:"subquery";N;}}s:9:"partition";N;s:5:"where";a:1:{i:0;O:30:"SqlParser\Components\Condition":3:{s:11:"identifiers";a:2:{i:0;s:3:"foo";i:1;s:0:"";}s:10:"isOperator";b:0;s:4:"expr";s:7:"foo = @";}}s:5:"group";N;s:6:"having";N;s:5:"order";N;s:5:"limit";N;s:9:"procedure";N;s:4:"into";N;s:4:"join";N;s:5:"union";a:0:{}s:11:"end_options";N;s:7:"options";O:33:"SqlParser\Components\OptionsArray":1:{s:7:"options";a:0:{}}s:5:"first";i:0;s:4:"last";i:14;}}s:8:"brackets";i:0;}s:6:"errors";a:2:{s:5:"lexer";a:1:{i:0;a:4:{i:0;s:27:"Variable name was expected.";i:1;s:1:"
+";i:2;i:34;i:3;i:0;}}s:6:"parser";a:0:{}}}

Original file line number	Diff line number	Diff line change
`@@ -889,7 +889,7 @@ public function parseSymbol()`
`889`	`889`	`}`
`890`	`890`
`891`	`891`	`if ($flags & Token::FLAG_SYMBOL_VARIABLE) {`
`892`		`- if ($this->str[++$this->last] === '@') {`
	`892`	`+ if ($this->last + 1 < $this->len && $this->str[++$this->last] === '@') {`
`893`	`893`	// This is a system variable (e.g. `@@hostname`).
`894`	`894`	`$token .= $this->str[$this->last++];`
`895`	`895`	`$flags \|= Token::FLAG_SYMBOL_SYSTEM;`