Fix invalid characters passed to hexdec function

MauricioFauth · MauricioFauth · commit dd1e7752966b · 2023-09-16T00:54:06.000-03:00
Signed-off-by: Maurício Meneghini Fauth &lt;mauricio@fauth.dev&gt;
diff --git a/src/Token.php b/src/Token.php
@@ -254,8 +254,8 @@ public function extract()
             case self::TYPE_NUMBER:
                 $ret = str_replace('--', '', $this->token); // e.g. ---42 === -42
                 if ($this->flags & self::FLAG_NUMBER_HEX) {
+                    $ret = str_replace(['-', '+'], '', $this->token);
                     if ($this->flags & self::FLAG_NUMBER_NEGATIVE) {
-                        $ret = str_replace('-', '', $this->token);
                         $ret = -hexdec($ret);
                     } else {
                         $ret = hexdec($ret);
diff --git a/tests/data/bugs/fuzz5.in b/tests/data/bugs/fuzz5.in
@@ -0,0 +1 @@
++0xO
diff --git a/tests/data/bugs/fuzz5.out b/tests/data/bugs/fuzz5.out
@@ -0,0 +1,76 @@
+{
+    "query": "+0xO",
+    "lexer": {
+        "@type": "PhpMyAdmin\\SqlParser\\Lexer",
+        "str": "+0xO",
+        "len": 4,
+        "last": 4,
+        "list": {
+            "@type": "PhpMyAdmin\\SqlParser\\TokensList",
+            "tokens": [
+                {
+                    "@type": "PhpMyAdmin\\SqlParser\\Token",
+                    "token": "+0x",
+                    "value": 0,
+                    "keyword": null,
+                    "type": 6,
+                    "flags": 1,
+                    "position": 0
+                },
+                {
+                    "@type": "PhpMyAdmin\\SqlParser\\Token",
+                    "token": "O",
+                    "value": "O",
+                    "keyword": null,
+                    "type": 0,
+                    "flags": 0,
+                    "position": 3
+                },
+                {
+                    "@type": "PhpMyAdmin\\SqlParser\\Token",
+                    "token": null,
+                    "value": null,
+                    "keyword": null,
+                    "type": 9,
+                    "flags": 0,
+                    "position": null
+                }
+            ],
+            "count": 3,
+            "idx": 3
+        },
+        "delimiter": ";",
+        "delimiterLen": 1,
+        "strict": false,
+        "errors": []
+    },
+    "parser": {
+        "@type": "PhpMyAdmin\\SqlParser\\Parser",
+        "list": {
+            "@type": "@1"
+        },
+        "statements": [],
+        "brackets": 0,
+        "strict": false,
+        "errors": []
+    },
+    "errors": {
+        "lexer": [],
+        "parser": [
+            [
+                "Unexpected beginning of statement.",
+                {
+                    "@type": "@2"
+                },
+                0
+            ],
+            [
+                "Unexpected beginning of statement.",
+                {
+                    "@type": "@3"
+                },
+                0
+            ]
+        ]
+    }
+}
diff --git a/tests/data/bugs/fuzz6.in b/tests/data/bugs/fuzz6.in
@@ -0,0 +1 @@
+-+0x!
diff --git a/tests/data/bugs/fuzz6.out b/tests/data/bugs/fuzz6.out
@@ -0,0 +1,69 @@
+{
+    "query": "-+0x!",
+    "lexer": {
+        "@type": "PhpMyAdmin\\SqlParser\\Lexer",
+        "str": "-+0x!",
+        "len": 5,
+        "last": 5,
+        "list": {
+            "@type": "PhpMyAdmin\\SqlParser\\TokensList",
+            "tokens": [
+                {
+                    "@type": "PhpMyAdmin\\SqlParser\\Token",
+                    "token": "-+0x",
+                    "value": 0,
+                    "keyword": null,
+                    "type": 6,
+                    "flags": 9,
+                    "position": 0
+                },
+                {
+                    "@type": "PhpMyAdmin\\SqlParser\\Token",
+                    "token": "!",
+                    "value": "!",
+                    "keyword": null,
+                    "type": 2,
+                    "flags": 2,
+                    "position": 4
+                },
+                {
+                    "@type": "PhpMyAdmin\\SqlParser\\Token",
+                    "token": null,
+                    "value": null,
+                    "keyword": null,
+                    "type": 9,
+                    "flags": 0,
+                    "position": null
+                }
+            ],
+            "count": 3,
+            "idx": 3
+        },
+        "delimiter": ";",
+        "delimiterLen": 1,
+        "strict": false,
+        "errors": []
+    },
+    "parser": {
+        "@type": "PhpMyAdmin\\SqlParser\\Parser",
+        "list": {
+            "@type": "@1"
+        },
+        "statements": [],
+        "brackets": 0,
+        "strict": false,
+        "errors": []
+    },
+    "errors": {
+        "lexer": [],
+        "parser": [
+            [
+                "Unexpected beginning of statement.",
+                {
+                    "@type": "@2"
+                },
+                0
+            ]
+        ]
+    }
+}
diff --git a/tests/data/lexer/lexNumber.in b/tests/data/lexer/lexNumber.in
@@ -1,3 +1,3 @@
-SELECT 12, 34, 5.67, 0x89, -10, --11, +12, .15, 0xFFa, 0xfFA, -0xFFa, -0xfFA, 1e-10, 1e10, .5e10, b'10';
+SELECT 12, 34, 5.67, 0x89, -10, --11, +12, .15, 0xFFa, 0xfFA, +0xfFA, -0xFFa, -0xfFA, 1e-10, 1e10, .5e10, b'10';
 -- invalid numbers
-SELECT 12ex10, b'15', 0XFfA, -0XFfA;
+SELECT 12ex10, b'15', 0XFfA, -0XFfA, +0XFfA;
diff --git a/tests/data/lexer/lexNumber.out b/tests/data/lexer/lexNumber.out
