From ac542ec19218da4b1804f7d5f72a17000cab37ee Mon Sep 17 00:00:00 2001
From: Theodore Brown <theodorejb@outlook.com>
Date: Sun, 25 Aug 2019 00:33:51 -0500
Subject: [PATCH] Fix bug #78454

Resolves out of memory error when consecutive numeric separators follow a binary/hex literal.
---
 Zend/tests/bug78454_1.phpt   | 7 +++++++
 Zend/tests/bug78454_2.phpt   | 7 +++++++
 Zend/zend_language_scanner.l | 4 ++--
 3 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 Zend/tests/bug78454_1.phpt
 create mode 100644 Zend/tests/bug78454_2.phpt

diff --git a/Zend/tests/bug78454_1.phpt b/Zend/tests/bug78454_1.phpt
new file mode 100644
index 0000000000000..184d358372e17
--- /dev/null
+++ b/Zend/tests/bug78454_1.phpt
@@ -0,0 +1,7 @@
+--TEST--
+Invalid consecutive numeric separators after hex literal
+--FILE--
+<?php
+0x0__F;
+--EXPECTF--
+Parse error: syntax error, unexpected '__F' (T_STRING) in %s on line %d
diff --git a/Zend/tests/bug78454_2.phpt b/Zend/tests/bug78454_2.phpt
new file mode 100644
index 0000000000000..b67b8396ac090
--- /dev/null
+++ b/Zend/tests/bug78454_2.phpt
@@ -0,0 +1,7 @@
+--TEST--
+Invalid consecutive numeric separators after binary literal
+--FILE--
+<?php
+0b0__1
+--EXPECTF--
+Parse error: syntax error, unexpected '__1' (T_STRING) in %s on line %d
diff --git a/Zend/zend_language_scanner.l b/Zend/zend_language_scanner.l
index 2e21ee7952e0d..84ed669dfb12e 100644
--- a/Zend/zend_language_scanner.l
+++ b/Zend/zend_language_scanner.l
@@ -1775,7 +1775,7 @@ NEWLINE ("\r"|"\n"|"\r\n")
 	char *end, *bin = yytext + 2;
 
 	/* Skip any leading 0s */
-	while (*bin == '0' || *bin == '_') {
+	while (len > 0 && (*bin == '0' || *bin == '_')) {
 		++bin;
 		--len;
 	}
@@ -1892,7 +1892,7 @@ NEWLINE ("\r"|"\n"|"\r\n")
 	char *end, *hex = yytext + 2;
 
 	/* Skip any leading 0s */
-	while (*hex == '0' || *hex == '_') {
+	while (len > 0 && (*hex == '0' || *hex == '_')) {
 		++hex;
 		--len;
 	}