ID: 40634 Updated by: [EMAIL PROTECTED] Reported By: judas dot iscariote at gmail dot com -Status: Open +Status: Closed Bug Type: Reproducible crash Operating System: linux PHP Version: 5CVS-2007-02-26 (CVS) New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2007-02-26 01:58:05] judas dot iscariote at gmail dot com Description: ------------ Current 5_2 seems to have a buffer overflow this issue is not present in released versions. this can be reproduced with php compiled in debug mode. Reproduce code: --------------- I dont have reproduce code atm, but it is as easy to load phpmyadmin,log-in (auth type cookie) and the error happends inmediately and permanent. Expected result: ---------------- no error Actual result: -------------- Script: '/srv/www/htdocs/sql/index.php' --------------------------------------- /home/cristian/php5/ext/standard/head.c(140) : Block 0x00EA1EC8 status: Beginning: OK (allocated on /home/cristian/php5/main/spprintf.c:222, 79 bytes) Start: OK End: Overflown (magic=0x00000073 instead of 0xBBA15242) At least 4 bytes overflown --------------------------------------- [Sun Feb 25 22:49:43 2007] Script: '/srv/www/htdocs/sql/index.php' --------------------------------------- /home/cristian/php5/ext/standard/head.c(140) : Block 0x010914A8 status: Invalid pointer: ((size=0x000000A9) != (next.prev=0x74617020)) --------------------------------------- hell:~ # rclighttpd restart Shutting down lighttpd done Starting lighttpd done hell:~ # [Sun Feb 25 22:50:07 2007] Script: '/srv/www/htdocs/sql/index.php' --------------------------------------- /home/cristian/php5/ext/standard/head.c(140) : Block 0x00EA1EC8 status: Beginning: OK (allocated on /home/cristian/php5/main/spprintf.c:222, 79 bytes) Start: OK End: Overflown (magic=0x00000073 instead of 0x7B97D628) At least 4 bytes overflown --------------------------------------- [Sun Feb 25 22:50:08 2007] Script: '/srv/www/htdocs/sql/index.php' --------------------------------------- /home/cristian/php5/ext/standard/head.c(140) : Block 0x010914A8 status: Invalid pointer: ((size=0x000000A9) != (next.prev=0x3D687461)) --------------------------------------- ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=40634&edit=1
