PHP :: Bug #31479 :: chunk_split() segfaults with too high chunklen
- ️Mon Jan 10 2005
| Bug #31479 | chunk_split() segfaults with too high chunklen | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Submitted: | 2005-01-10 22:57 UTC | Modified: | 2005-01-18 16:49 UTC |
|
||||||||||
| From: | gz at moonky dot de | Assigned: | ||||||||||||
| Status: | Closed | Package: | Reproducible crash | |||||||||||
| PHP Version: | 4CVS, 5CVS (2005-01-11) | OS: | * | |||||||||||
| Private report: | No | CVE-ID: | None |
[2005-01-10 22:57 UTC] gz at moonky dot de
Description:
------------
chunk_split() segfaults when chunklen is too big (possible dos?)
Reproduce code:
---------------
<?php
chunk_split(".", 1000000000);
?>
Expected result:
----------------
ehrrm... ;-)
Actual result:
--------------
(gdb) bt
#0 0xb7d79cef in memcpy () from /lib/tls/libc.so.6
#1 0x080e6c21 in php_chunk_split (src=0x81f4afc "", srclen=1, end=0x8180d20 "\r\n", endlen=2, chunklen=1000000000,
destlen=0xbfffd544) at /home/moonky/src/php-4.3.9/ext/standard/string.c:1521
#2 0x080e6f98 in zif_chunk_split (ht=2, return_value=0x81ef874, this_ptr=0x0, return_value_used=0)
at /home/moonky/src/php-4.3.9/ext/standard/string.c:1582
[...]
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commitsRelated reports
[2005-01-18 16:49 UTC] iliaa@php.net
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better.