Page MenuHomePhabricator

Fix "PHP Notice: Uninitialized string offset: 1 in includes/libs/jsminplus.php on line 1968"
Closed, ResolvedPublic

Description

Input (semicolon and minus sign, invalid javascript):

;
-

When parsing this, instead of throwing a "Parser error", the parser loses track somehow and emits:

Notice: Uninitialized string offset: 1 in includes/libs/jsminplus.php on line 1968

https://github.com/wikimedia/mediawiki/blob/16e3524bcab07f4f391cc32347d8732d734b1058/includes/libs/jsminplus.php#L1968

					if (in_array($op, $this->assignOps) && $input[strlen($op)] == '=')

Variable dump from this location:

$op
    string '-' (length=1)

$input
    string '-' (length=1)

$match
    array (size=2)
      0 => string '-' (length=1)
      1 => string '-' (length=1)

See also:

Details

Related Gerrit Patches:

Event Timeline

Krinkle created this task.Dec 8 2014, 4:30 PM
Krinkle raised the priority of this task from to Needs Triage.
Krinkle updated the task description. (Show Details)
Krinkle changed Security from none to None.
Krinkle added subscribers: Krinkle, Catrope.
Krinkle updated the task description. (Show Details)Dec 8 2014, 5:38 PM

jsminplus.php is external lib

Seems to need an upstream bug report

Aklapper triaged this task as Lowest priority.Feb 16 2015, 11:10 AM
Krinkle moved this task from Backlog to Accepted Enhancement on the MediaWiki-ResourceLoader board.
Krinkle edited projects, added Upstream; removed JavaScript.May 12 2017, 5:49 PM

I an still reproduce this:

> echo JSMinPlus::minify("; -");
PHP Notice:  Uninitialized string offset: 1 in /vagrant/mediawiki/includes/libs/jsminplus.php on line 1968
PHP Stack trace:
PHP   3. eval() /vagrant/mediawiki/maintenance/eval.php:78
PHP   4. JSMinPlus::minify() /vagrant/mediawiki/maintenance/eval.php(78) : eval()'d code:1
PHP   5. JSMinPlus->min() /vagrant/mediawiki/includes/libs/jsminplus.php:207
PHP   6. JSParser->parse() /vagrant/mediawiki/includes/libs/jsminplus.php:214
PHP   7. JSParser->Script() /vagrant/mediawiki/includes/libs/jsminplus.php:739
PHP   8. JSParser->Statements() /vagrant/mediawiki/includes/libs/jsminplus.php:748
PHP   9. JSTokenizer->isDone() /vagrant/mediawiki/includes/libs/jsminplus.php:774
PHP  10. JSTokenizer->peek() /vagrant/mediawiki/includes/libs/jsminplus.php:1778
PHP  11. JSTokenizer->get() /vagrant/mediawiki/includes/libs/jsminplus.php:1806
Restricted Application added a project: Performance-Team. · View Herald TranscriptNov 1 2018, 7:57 PM
Krinkle raised the priority of this task from Lowest to Low.Dec 11 2018, 6:52 PM
Krinkle removed a project: Upstream.

For the record, the upstream for this library is https://crisp.tweakblogs.net/blog/cat/716. We've successfully upstreamed patches before, although not since 2012. And it looks like it certainly isn't actively maintained, but if and when this is patched, we should at least send the author a note in case they're still looking after it for the benefit of other users.

Change 490266 had a related patch set uploaded (by Krinkle; owner: Krinkle):
[mediawiki/core@master] resourceloader: Ignore warnings in JSMinPlus parser

https://gerrit.wikimedia.org/r/490266

Krinkle claimed this task.Feb 13 2019, 1:46 AM
Krinkle moved this task from Backlog: Small & Maintenance to Doing on the Performance-Team board.

Change 490266 merged by jenkins-bot:
[mediawiki/core@master] resourceloader: Ignore warnings in JSMinPlus parser

https://gerrit.wikimedia.org/r/490266

mmodell changed the subtype of this task from "Task" to "Production Error".Aug 28 2019, 11:12 PM