[PHP-DEV] PHP 4.0 Bug #9083: Buffer overflow in ext/standard/datetime.c

[jpdalbec]

From:             [EMAIL PROTECTED]
Operating system: Linux for S/390
PHP version:      4.0.4pl1
PHP Bug Type:     Reproduceable crash
Bug description:  Buffer overflow in ext/standard/datetime.c

At least on my system,
<? print(date('r')); ?>
crashes the web server process.
This is because it's trying to put a 32-byte string into a 16-byte buffer.
 static void
 php_date(INTERNAL_FUNCTION_PARAMETERS, int gm)
 {
         pval **format, **timestamp;
         time_t the_time;
         struct tm *ta, tmbuf;
         int i, size = 0, length, h, beat;
-        char tmp_buff[16];
+        char tmp_buff[32];
 
         switch(ZEND_NUM_ARGS()) {
         case 1:



-- 
Edit Bug report at: http://bugs.php.net/?id=9083&edit=1



-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]