Jani Taskinen wrote:
> http://bugs.php.net/bug.php?id=44938&edit=1
>
> Marked critical but propably isn't. Also depatable whether it's a PHP
> bug at all..
Probably the library exhausting memory using alloca I'd say.
I whipped together a little patch against HEAD which restricts the
length of a text domain string to 10000 bytes to avoid problems in the
underlying library.
Note: I haven't been able to compile HEAD right now so I couldn't test
the patch really. But it compiles and should be rather trivial to
review/test.
- Chris
Index: ext/gettext/gettext.c
===================================================================
RCS file: /repository/php-src/ext/gettext/gettext.c,v
retrieving revision 1.58
diff -u -r1.58 gettext.c
--- ext/gettext/gettext.c 24 Oct 2008 14:34:13 -0000 1.58
+++ ext/gettext/gettext.c 29 Oct 2008 13:47:15 -0000
@@ -30,6 +30,8 @@
#include "ext/standard/info.h"
#include "php_gettext.h"
+#define MAX_DOMAIN_LENGTH 10000 /* Maximum length of textdomain name
length */
+
/* {{{ arginfo */
ZEND_BEGIN_ARG_INFO(arginfo_textdomain, 0)
ZEND_ARG_INFO(0, domain)
@@ -162,6 +164,10 @@
return;
}
+ if (domain_len > MAX_DOMAIN_LENGTH) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too
long, ignoring");
+ domain_str = NULL;
+ }
if (!domain_len || (domain_len == 1 && *domain_str == '0')) {
domain_str = NULL;
}
@@ -193,6 +199,10 @@
if (SUCCESS != zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s&s&",
&domain_str, &domain_len, ZEND_U_CONVERTER(UG(filesystem_encoding_conv)),
&msgid_str, &msgid_len, UG(ascii_conv))) {
return;
}
+ if (domain_len > MAX_DOMAIN_LENGTH) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too
long, ignoring");
+ domain_str = NULL;
+ }
RETURN_STRING(dgettext(domain_str, msgid_str), ZSTR_DUPLICATE);
}
/* }}} */
@@ -208,6 +218,10 @@
if (SUCCESS != zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC,
"s&s&l", &domain_str, &domain_len,
ZEND_U_CONVERTER(UG(filesystem_encoding_conv)), &msgid_str, &msgid_len,
UG(ascii_conv), &category)) {
return;
}
+ if (domain_len > MAX_DOMAIN_LENGTH) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too
long, ignoring");
+ domain_str = NULL;
+ }
RETURN_STRING(dcgettext(domain_str, msgid_str, category),
ZSTR_DUPLICATE);
}
/* }}} */
@@ -223,6 +237,10 @@
return;
}
+ if (domain_len > MAX_DOMAIN_LENGTH) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too
long");
+ RETURN_FALSE;
+ }
if (!domain_len) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "the first
parameter must not be empty");
RETURN_FALSE;
@@ -273,6 +291,10 @@
RETURN_FALSE;
}
+ if (domain_len > MAX_DOMAIN_LENGTH) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too
long, ignoring");
+ domain_str = NULL;
+ }
if ((msgstr = dngettext(domain_str, msgid_str1, msgid_str2, count))) {
RETURN_STRING(msgstr, ZSTR_DUPLICATE);
} else {
@@ -295,6 +317,10 @@
RETURN_FALSE;
}
+ if (domain_len > MAX_DOMAIN_LENGTH) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too
long, ignoring");
+ domain_str = NULL;
+ }
if ((msgstr = dcngettext(domain_str, msgid_str1, msgid_str2, count,
category))) {
RETURN_STRING(msgstr, ZSTR_DUPLICATE);
} else {
@@ -316,6 +342,10 @@
return;
}
+ if (domain_len > MAX_DOMAIN_LENGTH) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "domain passed too
long");
+ RETURN_FALSE;
+ }
if (!codeset_len) {
codeset_str = NULL;
}
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
