ID: 43128
Updated by: [EMAIL PROTECTED]
Reported By: felipensp at gmail dot com
-Status: Assigned
+Status: Closed
Bug Type: Reproducible crash
Operating System: Linux
PHP Version: 5.3CVS-2007-10-29 (snap)
Assigned To: dmitry
New Comment:
Fixed in CVS HEAD and PHP_5_3.
Previous Comments:
------------------------------------------------------------------------
[2007-11-14 23:34:08] [EMAIL PROTECTED]
See also bug #43298
------------------------------------------------------------------------
[2007-11-13 09:59:16] [EMAIL PROTECTED]
The suggested patch is going to fix only one place; however, the same
stack overflow may be reached using several other places which use
do_alloca(). I'll try to think about a general solution.
------------------------------------------------------------------------
[2007-10-30 11:42:10] crrodriguez at suse dot de
Yes, a smaller limit like 1024 looks OK and is still high enough to
avoid annoying insane coders ;-)
------------------------------------------------------------------------
[2007-10-30 10:48:14] [EMAIL PROTECTED]
That would already allocate 64kb on the stack, I doubt that will work
on all systems. I would suggest a somewhat smaller limit, say 1024?
------------------------------------------------------------------------
[2007-10-30 10:37:39] crrodriguez at suse dot de
Index: Zend/zend_execute_API.c
===================================================================
RCS file: /repository/ZendEngine2/zend_execute_API.c,v
retrieving revision 1.331.2.20.2.24.2.8
diff -u -p -r1.331.2.20.2.24.2.8 zend_execute_API.c
--- Zend/zend_execute_API.c 7 Oct 2007 05:22:03 -0000
1.331.2.20.2.24.2.8
+++ Zend/zend_execute_API.c 30 Oct 2007 10:14:29 -0000
@@ -1073,6 +1073,10 @@ ZEND_API int zend_lookup_class_ex(const
if (name == NULL || !name_length) {
return FAILURE;
}
+
+ if(name_length >= ZEND_MAX_CLASSNAME_LEN) {
+ zend_error(E_ERROR, "Class name cannot be longer than
%d", ZEND_MAX_CLASSNAME_LEN);
+ }
lc_free = lc_name = do_alloca(name_length + 1);
zend_str_tolower_copy(lc_name, name, name_length);
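Review bot: the new length check in zend_lookup_class_ex() sits directly above do_alloca(name_length + 1), and with ZEND_MAX_CLASSNAME_LEN set to 65535 in the zend.h hunk it still admits names of up to 65534 bytes, so that call can request close to 64 KB of stack in one go. Lower the limit to a size that is safe for a single stack allocation, or move this buffer to the heap above a threshold. The branch also has no "return FAILURE;" after zend_error(), so it depends on E_ERROR never returning; an explicit return makes the guard hold regardless. Style: "if(" should be "if (" to match the "if (name == NULL || !name_length) {" line above it.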
Index: Zend/zend.h
===================================================================
RCS file: /repository/ZendEngine2/zend.h,v
retrieving revision 1.293.2.11.2.9.2.7
diff -u -p -r1.293.2.11.2.9.2.7 zend.h
--- Zend/zend.h 7 Oct 2007 05:22:02 -0000 1.293.2.11.2.9.2.7
+++ Zend/zend.h 30 Oct 2007 10:14:29 -0000
@@ -712,7 +712,7 @@ END_EXTERN_C()
#define ZEND_MAX_RESERVED_RESOURCES 4
-
+#define ZEND_MAX_CLASSNAME_LEN 65535
#include "zend_operators.h"
#include "zend_variables.h"
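Review bot: the added "#define ZEND_MAX_CLASSNAME_LEN 65535" replaces the blank line that separated the ZEND_MAX_RESERVED_RESOURCES define from the #include lines, and it carries no comment. Keep a blank line before #include "zend_operators.h" and document that the value is a length in bytes and how it was chosen, since in this patch it is compared against name_length right before do_alloca(name_length + 1) and so bounds a stack allocation.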
ZEND_MAX_CLASSNAME_LEN being the same as Java, not to mention that I
don't see any reason why such insanely long naming will be useful :-)
HTH.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/43128
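
The thread notes that a length check in one function leaves every other do_alloca() call site exposed. The sketch below is an added example, not part of the report and not PHP's code: it caps each stack allocation and falls back to the heap above the cap. The names bounded_alloca, bounded_free, lookup_key and STACK_ALLOC_MAX, and the value 1024, are assumptions made for illustration.

```c
#include <alloca.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap on any single stack allocation; the value is illustrative. */
#define STACK_ALLOC_MAX 1024

/* Hypothetical helpers: stack memory for small sizes, heap otherwise.
 * Macros, because alloca() memory dies when the calling function returns. */
#define bounded_alloca(size, on_heap) \
    (((on_heap) = ((size) > STACK_ALLOC_MAX)) ? malloc(size) : alloca(size))
#define bounded_free(p, on_heap) \
    do { if (on_heap) free(p); } while (0)

/* Lowercase `name` into a temporary buffer and hash it (djb2), as a
 * case-insensitive lookup would before probing its table.
 * Returns 0 on success, -1 on bad input or allocation failure.
 * *used_heap reports which allocator served the request. */
int lookup_key(const char *name, size_t name_length,
               unsigned long *hash_out, int *used_heap)
{
    char *lc_name;
    size_t i;
    unsigned long h = 5381;

    *used_heap = 0;
    /* Reject empty input and a length whose +1 would wrap to zero. */
    if (name == NULL || name_length == 0 || name_length == (size_t)-1)
        return -1;

    lc_name = bounded_alloca(name_length + 1, *used_heap);
    if (lc_name == NULL)
        return -1;
    for (i = 0; i < name_length; i++)
        lc_name[i] = (char)tolower((unsigned char)name[i]);
    lc_name[name_length] = '\0';

    for (i = 0; i < name_length; i++)
        h = h * 33 + (unsigned char)lc_name[i];
    *hash_out = h;

    bounded_free(lc_name, *used_heap);
    return 0;
}
```

With this pattern the caller's input length decides only which allocator is used, never how far the stack pointer moves.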