[Dotenv] Fixed infinite loop with missing quote followed by quoted value #34643
I'm not sure about the patch: if I revert the change but keep the test, the test fails with an undefined offset error.
--- a/src/Symfony/Component/Dotenv/Dotenv.php
+++ b/src/Symfony/Component/Dotenv/Dotenv.php
@@ -203,7 +203,10 @@ final class Dotenv
$this->cursor += 1 + $len;
} elseif ('"' === $this->data[$this->cursor]) {
$value = '';
- ++$this->cursor;
+
+ if (++$this->cursor === $this->end) {
+ throw $this->createFormatException('Missing quote to end the value');
+ }
while ('"' !== $this->data[$this->cursor] || ('\\' === $this->data[$this->cursor - 1] && '\\' !== $this->data[$this->cursor - 2])) {
$value .= $this->data[$this->cursor];
Which means we need another test case to trigger the infinite loop and fix it I think.
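Review bot: the new guard `if (++$this->cursor === $this->end)` only covers an opening quote that is the last character of the input, while the `while` condition directly below still indexes `$this->data[$this->cursor]` with no comparison against `$this->end` in the lines shown. An unterminated value that has content after the opening quote therefore depends on a check inside the loop body, which this hunk does not show; please confirm the body bounds the cursor on every iteration, and add a test where the opening quote is the final character of the input, since that is the only path this guard changes. The empty `+` line added before the `if` can be dropped.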
@nicolas-grekas Yes, this is because of the ErrorHandler of phpunit. The access of the uninitialized string offset triggers a notice which invokes the error handler and throws an exception. To trigger the infinite loop in the unit test you have to disable phpunit's Or if you want to see the infinite loop you can try the code block that I have attached to #34642.
Your patch fixes the error, but with a wrong offset in the error hint.
```php
require __DIR__.'/vendor/autoload.php';

$testString = 'FOO="x"
DOO="y
VOO="z"';
$dotenv = new \Symfony\Component\Dotenv\Dotenv();
$dotenv->parse($testString);
```
the output will look like:
This makes it harder to find the broken line, because the hint in the output points to the last character of the whole env file. My patch will output
I think this makes it easier to spot the issue.
Even better would be if the output said
The error looks correct to me. Multi-line quoted strings are possible, we cannot assume anything about their content.
Okay, how should we proceed with this PR? Should I revert my fix and only provide the unit test, or should I change my fix to the version suggested by you?
I'd be in favor of adopting my patch if you don't mind too much, and adapt tests accordingly.
ping @Naitsirch
Okay, I'll try to update my PR and will contact you in the next few days.
If there's a quote missing to end a value and in the next line there's again a quoted value Dotenv will run into an infinite loop. An .env file with the following content will result in this error:
```
FOO="foo
BAR="bar"
```
See symfony#34642 for more details.
@nicolas-grekas I have updated the patch following your suggestion and adjusted the unit test.
Thank you @Naitsirch.
…y quoted value (naitsirch)

This PR was merged into the 3.4 branch.

Discussion
----------

[Dotenv] Fixed infinite loop with missing quote followed by quoted value

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #34642
| License       | MIT
| Doc PR        |

If there's a quote missing to end a value and in the next line there's again a quoted value Dotenv will run into an infinite loop. An .env file with the following content will result in this error:

```
FOO="foo
BAR="bar"
```

See #34642 for more details.

Commits
-------

eb69e13 [Dotenv] Fixed infinite loop with missing quote followed by quoted value
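The end-of-input check discussed in this thread, as an added PHP example that is not Symfony's Dotenv code and not part of the PR: a minimal scanner for one double-quoted value that bounds the cursor on every iteration and reports both where the input ended and the line on which the quote was opened. `readQuoted()`, its error message format and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not Symfony's Dotenv code. readQuoted() and its
// error text are hypothetical; the inputs at the bottom are constructed.
function readQuoted(string $data, int $cursor): array
{
    $end = strlen($data);
    $open = $cursor;   // offset of the opening quote
    $value = '';
    ++$cursor;         // step over the opening quote

    while (true) {
        // Check the bound before every read. An out-of-range string read
        // never equals '"', so a scan without this check cannot stop on
        // an unterminated value.
        if ($cursor >= $end) {
            $line = substr_count(substr($data, 0, $open), "\n") + 1;
            throw new RuntimeException(sprintf(
                'Missing quote to end the value (opened on line %d, input ended at offset %d)',
                $line, $end
            ));
        }
        $char = $data[$cursor];
        if ('\\' === $char && $cursor + 1 < $end) {
            // Keep the escape pair verbatim; unescaping is out of scope here.
            $value .= $char.$data[$cursor + 1];
            $cursor += 2;
            continue;
        }
        if ('"' === $char) {
            return [$value, $cursor + 1]; // value and offset past the closing quote
        }
        $value .= $char; // newlines are legal inside a quoted value
        ++$cursor;
    }
}

// Well-formed inputs, including a multi-line value.
var_dump(readQuoted('"x"', 0));
var_dump(readQuoted("\"a\nb\" rest", 0));

// Unterminated inputs: each must raise an exception instead of spinning.
foreach (['"', '"y', "\"y\nVOO=", '"tail\\'] as $broken) {
    try {
        readQuoted($broken, 0);
    } catch (RuntimeException $e) {
        echo $e->getMessage(), "\n";
    }
}
```

Because a quoted value may span lines, the scanner cannot know which line the author meant to close the quote on; reporting the opening line alongside the end offset gives a reader a place to start without assuming anything about the content.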