 ID:               24556
 Updated by:       [EMAIL PROTECTED]
 Reported By:      asykakimo at yahoo dot com dot tw
-Status:           Verified
+Status:           Assigned
 Bug Type:         Strings related
 Operating System: Win2000
 PHP Version:      4.3.3RC2-dev
 Assigned To:      moriyoshi

Previous Comments:
------------------------------------------------------------------------

[2003-07-09 08:20:37] [EMAIL PROTECTED]

This patch seems to plug the overflow:

Index: string.c =================================================================== RCS file: /repository/php-src/ext/standard/string.c,v retrieving revision 1.333.2.32 diff -u -r1.333.2.32 string.c --- string.c 29 Jun 2003 15:36:10 -0000 1.333.2.32 +++ string.c 9 Jul 2003 13:17:51 -0000 
@@ -3336,7 +3336,7 @@ br = 0; if (allow) { php_strtolower(allow, allow_len); - tbuf = emalloc(PHP_TAG_BUF_SIZE+1); + tbuf = emalloc(PHP_TAG_BUF_SIZE+2); tp = tbuf; } else { tbuf = tp = NULL;

------------------------------------------------------------------------

[2003-07-09 08:13:21] [EMAIL PROTECTED]

This is not file_get_contents() or any other filesystem function related:

---------------------------------------
/usr/src/web/php/php4_3/ext/standard/string.c(3530) : Block 0x0874B580 status:
Beginning:      OK (allocated on /usr/src/web/php/php4_3/ext/standard/string.c:3339, 1024 bytes)
      End:      Overflown (magic=0x2A8FCC63 instead of 0x2A8FCC84)
                1 byte(s) overflown
---------------------------------------
href/usr/src/web/php/php4_3/ext/standard/string.c(3339) : Freeing 0x0874B5A4 (1024 bytes), script=t.php

strip_tags() causes the crash. (leaks seem to crash winblows, not linux :)

------------------------------------------------------------------------

[2003-07-09 02:24:43] asykakimo at yahoo dot com dot tw

Description:
------------
The file_get_contents will cause PHP to crash in the following code:

$contents=str_replace("\n"," ",file_get_contents($file));
$contents=strip_tags($contents,'<a><frame><area><meta>');
$tags=(preg_match("|</frameset>|i",$contents))?"src":"href";
$tags=(preg_match("|<meta http-equiv=\"?refresh\"?.*url|i",$contents))?"url":$tags;
echo $tags;

------------------------------------------------------------
The $file variable comes from http://www.starwars.com/index.html

If I replace file_get_contents with the fread function, PHP still has this bug.

Thanks

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=24556&edit=1
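
Review bot: The new size in tbuf = emalloc(PHP_TAG_BUF_SIZE+2) carries no comment saying which two bytes beyond PHP_TAG_BUF_SIZE the buffer has to hold, and the hunk leaves the code that writes through tp untouched, so the bound at the write site still has to be read against the new size. A short comment at the allocation naming the extra bytes, or a clamp at the write site expressed in terms of the allocated size, would keep the two from drifting apart again. The one-byte increase does match the earlier comment's log, which reports exactly 1 byte overflown on the 1024-byte block allocated at string.c:3339.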
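
The end-guard check behind the "1 byte(s) overflown" log in the 08:13 comment, and the effect of the +1 to +2 allocation change, as an added example that is not part of the original report or of PHP's source. TAG_BUF_SIZE = 1023 is inferred from the 1024-byte block in the log, store_tag() is a hypothetical writer rather than the strip_tags() code, and the guard layout is a simplified sketch of a debug allocator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define END_MAGIC    0x2A8FCC84u /* expected end-guard value from the report's log */
#define TAG_BUF_SIZE 1023        /* inferred: emalloc(PHP_TAG_BUF_SIZE+1) logged as 1024 bytes */

/* Allocate `size` usable bytes followed by a 4-byte end guard. */
static unsigned char *guarded_alloc(size_t size) {
    uint32_t magic = END_MAGIC;
    unsigned char *p = malloc(size + sizeof magic);
    if (p != NULL) memcpy(p + size, &magic, sizeof magic);
    return p;
}

/* Number of guard bytes that no longer match; 0 means the end is intact. */
static int guard_bytes_overflown(const unsigned char *p, size_t size) {
    uint32_t magic = END_MAGIC;
    int n = 0;
    for (size_t i = 0; i < sizeof magic; i++)
        n += p[size + i] != ((const unsigned char *)&magic)[i];
    return n;
}

/* Hypothetical writer (not PHP's code): up to TAG_BUF_SIZE body bytes,
 * then '>' and a terminating NUL, so it can need TAG_BUF_SIZE + 2 bytes. */
static void store_tag(unsigned char *buf, size_t body_len) {
    if (body_len > TAG_BUF_SIZE) body_len = TAG_BUF_SIZE;
    memset(buf, 'a', body_len);
    buf[body_len] = '>';
    buf[body_len + 1] = '\0';
}

/* Fill a block of `alloc_size` bytes; return how many guard bytes were hit. */
static int run_case(size_t alloc_size, size_t body_len) {
    unsigned char *buf = guarded_alloc(alloc_size);
    if (buf == NULL) return -1;
    store_tag(buf, body_len);
    int hit = guard_bytes_overflown(buf, alloc_size);
    free(buf);
    return hit;
}

int main(void) {
    printf("+1: %d byte(s) overflown\n", run_case(TAG_BUF_SIZE + 1, TAG_BUF_SIZE));
    printf("+2: %d byte(s) overflown\n", run_case(TAG_BUF_SIZE + 2, TAG_BUF_SIZE));
    return 0;
}
```

Short tags never reach the guard with either size, which is why only a sufficiently long tag in the input page triggers the report.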