from:"max at cxib dot net"

[PHP-BUG] Bug #60264 [NEW]: stack/memory exhaustion

2011-11-11 Thread max at cxib dot net

From: 
Operating system: linux
PHP version:  5.4.0RC1
Package:  *Regular Expressions
Bug Type: Bug
Bug description:stack/memory exhaustion

Description:

pcre allow to stack or heap memory exhaustion

stack

cx () cx64:/www$ cat crash0.php

cx () cx64:/www$ php crash0.php
Segmentation fault





-- 
Edit bug report at https://bugs.php.net/bug.php?id=60264&edit=1
-- 
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=60264&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=60264&r=trysnapshot53
Try a snapshot (trunk):  
https://bugs.php.net/fix.php?id=60264&r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=60264&r=fixed
Fixed in SVN and need be documented: 
https://bugs.php.net/fix.php?id=60264&r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=60264&r=alreadyfixed
Need backtrace:  
https://bugs.php.net/fix.php?id=60264&r=needtrace
Need Reproduce Script:   
https://bugs.php.net/fix.php?id=60264&r=needscript
Try newer version:   
https://bugs.php.net/fix.php?id=60264&r=oldversion
Not developer issue: 
https://bugs.php.net/fix.php?id=60264&r=support
Expected behavior:   
https://bugs.php.net/fix.php?id=60264&r=notwrong
Not enough info: 
https://bugs.php.net/fix.php?id=60264&r=notenoughinfo
Submitted twice: 
https://bugs.php.net/fix.php?id=60264&r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=60264&r=globals
PHP 4 support discontinued:  
https://bugs.php.net/fix.php?id=60264&r=php4
Daylight Savings:https://bugs.php.net/fix.php?id=60264&r=dst
IIS Stability:   
https://bugs.php.net/fix.php?id=60264&r=isapi
Install GNU Sed: 
https://bugs.php.net/fix.php?id=60264&r=gnused
Floating point limitations:  
https://bugs.php.net/fix.php?id=60264&r=float
No Zend Extensions:  
https://bugs.php.net/fix.php?id=60264&r=nozend
MySQL Configuration Error:   
https://bugs.php.net/fix.php?id=60264&r=mysqlcfg

[PHP-BUG] Bug #60261 [NEW]: phar dos null pointer

2011-11-11 Thread max at cxib dot net

From: 
Operating system: linux
PHP version:  5.4.0RC1
Package:  PECL
Bug Type: Bug
Bug description:phar dos null pointer

Description:

file_name, 
intern->file_name_len)) {
<=CRASH HERE
1219char expanded_path[MAXPATHLEN];
1220

(gdb) print intern->file_name
$3 = 0x0


where

#define IS_ABSOLUTE_PATH(path, len) \
(len >= 2 && ((isalpha(path[0]) && path[1] == ':') || IS_UNC_PATH(path,
len)))


*/
$nx = new Phar();
$nx->getLinkTarget();
?>

Test script:
---
$nx = new Phar();
$nx->getLinkTarget();

or PharData()


-- 
Edit bug report at https://bugs.php.net/bug.php?id=60261&edit=1
-- 
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=60261&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=60261&r=trysnapshot53
Try a snapshot (trunk):  
https://bugs.php.net/fix.php?id=60261&r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=60261&r=fixed
Fixed in SVN and need be documented: 
https://bugs.php.net/fix.php?id=60261&r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=60261&r=alreadyfixed
Need backtrace:  
https://bugs.php.net/fix.php?id=60261&r=needtrace
Need Reproduce Script:   
https://bugs.php.net/fix.php?id=60261&r=needscript
Try newer version:   
https://bugs.php.net/fix.php?id=60261&r=oldversion
Not developer issue: 
https://bugs.php.net/fix.php?id=60261&r=support
Expected behavior:   
https://bugs.php.net/fix.php?id=60261&r=notwrong
Not enough info: 
https://bugs.php.net/fix.php?id=60261&r=notenoughinfo
Submitted twice: 
https://bugs.php.net/fix.php?id=60261&r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=60261&r=globals
PHP 4 support discontinued:  
https://bugs.php.net/fix.php?id=60261&r=php4
Daylight Savings:https://bugs.php.net/fix.php?id=60261&r=dst
IIS Stability:   
https://bugs.php.net/fix.php?id=60261&r=isapi
Install GNU Sed: 
https://bugs.php.net/fix.php?id=60261&r=gnused
Floating point limitations:  
https://bugs.php.net/fix.php?id=60261&r=float
No Zend Extensions:  
https://bugs.php.net/fix.php?id=60261&r=nozend
MySQL Configuration Error:   
https://bugs.php.net/fix.php?id=60261&r=mysqlcfg

[PHP-BUG] Bug #55296 [NEW]: wrong use efree(NULL) in intl

2011-07-27 Thread max at cxib dot net

From: 
Operating system: multiple
PHP version:  5.3.7RC3
Package:  *General Issues
Bug Type: Bug
Bug description:wrong use efree(NULL) in intl

Description:

intl_convert_utf8_to_utf16() is wrong used in a multiple points. Example

165 intl_convert_utf8_to_utf16(&uhaystack, &uhaystack_len, (char *)
haystack, haystack_len, &status );
166
167 if ( U_FAILURE( status ) ) {
168 /* Set global error code. */
169 intl_error_set_code( NULL, status TSRMLS_CC );
170
171 /* Set error messages. */
172 intl_error_set_custom_msg( NULL, "Error converting input
string to UTF-16", 0 TSRMLS_CC );
173 efree( uhaystack );
174 return -1;
175 }

efree() call to uhaystack => (efree(NULL)). sometime 'uhaystack' may be
NULL. It's a multiple problem in intl. Then efree() print error



-- 
Edit bug report at https://bugs.php.net/bug.php?id=55296&edit=1
-- 
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=55296&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=55296&r=trysnapshot53
Try a snapshot (trunk):  
https://bugs.php.net/fix.php?id=55296&r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=55296&r=fixed
Fixed in SVN and need be documented: 
https://bugs.php.net/fix.php?id=55296&r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=55296&r=alreadyfixed
Need backtrace:  
https://bugs.php.net/fix.php?id=55296&r=needtrace
Need Reproduce Script:   
https://bugs.php.net/fix.php?id=55296&r=needscript
Try newer version:   
https://bugs.php.net/fix.php?id=55296&r=oldversion
Not developer issue: 
https://bugs.php.net/fix.php?id=55296&r=support
Expected behavior:   
https://bugs.php.net/fix.php?id=55296&r=notwrong
Not enough info: 
https://bugs.php.net/fix.php?id=55296&r=notenoughinfo
Submitted twice: 
https://bugs.php.net/fix.php?id=55296&r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=55296&r=globals
PHP 4 support discontinued:  
https://bugs.php.net/fix.php?id=55296&r=php4
Daylight Savings:https://bugs.php.net/fix.php?id=55296&r=dst
IIS Stability:   
https://bugs.php.net/fix.php?id=55296&r=isapi
Install GNU Sed: 
https://bugs.php.net/fix.php?id=55296&r=gnused
Floating point limitations:  
https://bugs.php.net/fix.php?id=55296&r=float
No Zend Extensions:  
https://bugs.php.net/fix.php?id=55296&r=nozend
MySQL Configuration Error:   
https://bugs.php.net/fix.php?id=55296&r=mysqlcfg

[PHP-BUG] Req #54946 [NEW]: stream_get_contents infinite loop

2011-05-28 Thread max at cxib dot net

From: 
Operating system: NetBSD
PHP version:  5.3.6
Package:  Streams related
Bug Type: Feature/Change Request
Bug description:stream_get_contents infinite loop

Description:

#0  0xbb80eb77 in read () from /usr/lib/libc.so.12

#1  0xbb8e0efd in read () from /usr/lib/libpthread.so.0

#2  0x083e7e81 in _php_stream_fopen_from_pipe ()

#3  0x083dff2f in _php_stream_free ()

#4  0x083e00ec in _php_stream_read ()

#5  0x083e1684 in _php_stream_copy_to_mem ()





php_stream_copy_to_mem() generate infinite loop



Test script:
---


Expected result:

string or null

Actual result:
--
infinite loop

-- 
Edit bug report at http://bugs.php.net/bug.php?id=54946&edit=1
-- 
Try a snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=54946&r=trysnapshot52
Try a snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=54946&r=trysnapshot53
Try a snapshot (trunk):  
http://bugs.php.net/fix.php?id=54946&r=trysnapshottrunk
Fixed in SVN:
http://bugs.php.net/fix.php?id=54946&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=54946&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=54946&r=alreadyfixed
Need backtrace:  
http://bugs.php.net/fix.php?id=54946&r=needtrace
Need Reproduce Script:   
http://bugs.php.net/fix.php?id=54946&r=needscript
Try newer version:   
http://bugs.php.net/fix.php?id=54946&r=oldversion
Not developer issue: 
http://bugs.php.net/fix.php?id=54946&r=support
Expected behavior:   
http://bugs.php.net/fix.php?id=54946&r=notwrong
Not enough info: 
http://bugs.php.net/fix.php?id=54946&r=notenoughinfo
Submitted twice: 
http://bugs.php.net/fix.php?id=54946&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=54946&r=globals
PHP 4 support discontinued:  http://bugs.php.net/fix.php?id=54946&r=php4
Daylight Savings:http://bugs.php.net/fix.php?id=54946&r=dst
IIS Stability:   
http://bugs.php.net/fix.php?id=54946&r=isapi
Install GNU Sed: 
http://bugs.php.net/fix.php?id=54946&r=gnused
Floating point limitations:  
http://bugs.php.net/fix.php?id=54946&r=float
No Zend Extensions:  
http://bugs.php.net/fix.php?id=54946&r=nozend
MySQL Configuration Error:   
http://bugs.php.net/fix.php?id=54946&r=mysqlcfg

[PHP-BUG] Bug #60264 [NEW]: stack/memory exhaustion

[PHP-BUG] Bug #60261 [NEW]: phar dos null pointer

[PHP-BUG] Bug #55296 [NEW]: wrong use efree(NULL) in intl

[PHP-BUG] Req #54946 [NEW]: stream_get_contents infinite loop

4 matches

Site Navigation

Mail list logo

Footer information