From 492c8c668f1edb708e49bcafbacb22c58e2877a5 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Fri, 28 Jan 2011 17:40:02 +0100
Subject: Avoid infinite loop in PKGBUILD variable parser (fixes FS#19482).

Improves variable substitution in the PKGBUILD parser a bit to avoid
infinite replacement loops when a PKGBUILD contains assigments of the
form "foo=${foo[@]}bar".

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/html/pkgsubmit.php | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

(limited to 'web/html/pkgsubmit.php')

diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index c39e2f9e..b15da3ff 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -178,16 +178,24 @@ if ($_COOKIE["AURSID"]):
 
 				# Simple variable replacement
 				$pattern_var = '/\$({?)([_\w]+)(}?)/';
-				while (preg_match($pattern_var,$v,$regs)) {
-					$pieces = explode(" ",$pkgbuild["$regs[2]"],2);
-
-					$pattern = '/\$'.$regs[1].$regs[2].$regs[3].'/';
-					if ($regs[2] != $k) {
-						$replacement = $pieces[0];
-					} else {
-						$replacement = "";
+				$offset = 0;
+				while (preg_match($pattern_var, $v, $regs, PREG_OFFSET_CAPTURE, $offset)) {
+					$var = $regs[2][0];
+					$pos = $regs[0][1];
+					$len = strlen($regs[0][0]);
+
+					if (isset($new_pkgbuild[$var])) {
+						$replacement = explode(" ", $new_pkgbuild[$var], 2);
+					}
+					elseif (isset($pkgbuild[$var]) && $var != $k) {
+						$replacement = explode(" ", $pkgbuild[$var], 2);
 					}
-					$v=preg_replace($pattern, $replacement, $v);
+					else {
+						$replacement = '';
+					}
+
+					$v = substr_replace($v, $replacement, $pos, $len);
+					$offset += strlen($replacement);
 				}
 				$new_pkgbuild[$k] = $v;
 			}
-- 
cgit v1.2.3-24-g4f1b