Bug #52929 [Com]: Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data

Tue, 28 Sep 2010 06:03:39 -0700 

Edit report at http://bugs.php.net/bug.php?id=52929&edit=1

 ID:                 52929
 Comment by:         support at hosting-agency dot de
 Reported by:        neufe...@php.net
 Summary:            Segfault in filter_var with FILTER_VALIDATE_EMAIL
                     with large amount of data
 Status:             Closed
 Type:               Bug
 Package:            Filter related
 PHP Version:        5.3.3
 Assigned To:        aharvey
 Block user comment: N

 New Comment:

This problem is also included in PHP version 5.2.14


Previous Comments:
------------------------------------------------------------------------
[2010-09-27 09:08:13] ahar...@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.



------------------------------------------------------------------------
[2010-09-27 09:08:06] ahar...@php.net

Automatic comment from SVN on behalf of aharvey
Revision: http://svn.php.net/viewvc/?view=revision&revision=303779
Log: Fix bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL
with large
amount of data).

------------------------------------------------------------------------
[2010-09-27 09:00:05] neufe...@php.net

Well, then how about please at least adding a pre-filter as rasmus
suggested? For the special case (I agree) of email-validation that
should be possible.

------------------------------------------------------------------------
[2010-09-27 08:47:09] ahar...@php.net

Fair call; I'll prosecute the argument for NO_RECURSE elsewhere!



The limit on address length is 320 octets per RFC 2821 (64 octet 

local-part + 1 octet "@" + 255 octet domain), so we may as well set

the limit there for now. (If RFC 5336 becomes widespread, that may

need to be revisited, but let's cross that bridge when we come to it.)

Any system that's so stack constrained for that to be an issue is

likely to have other problems anyway. :)



Fix for 5.3 and trunk forthcoming, just as soon as I write a test.

------------------------------------------------------------------------
[2010-09-27 07:24:16] ras...@php.net

Perhaps a simple pre-filter before we hit the regex.  You can't actually
have an 

8k email address.  There are length limits both before and after the @.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=52929


-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52929&edit=1

Reply via email to