Hi,
The function php_basename actually DOES access the char at s-1, i.e. one
byte before the string it is passed. If you hand it a buffer gotten from
malloc you get a valgrind hit. If I use emalloc this doesn't happen, I
guess emalloc has some header stuff before the allocation. If for
whatever
Ilia Alshanetsky wrote:
Do you have an example script that can be used to reproduce the supposed
memory access violation?
The function php_basename actually DOES access the char at s-1, i.e. one
byte before the string it is passed. If you hand it a buffer gotten from
malloc you get a valgrind hi
Hi,
iirc there may be a printf means to specify NULL as the padding character,
or to repeat an aribtrary character for a certain number of characters, but
it's escaping me at the moment. For the size of your padding this method
should introduce to horrible of a penalty.
Works like a charm, thanks.
> Both solutions will pad the string with ' ', but I need to pad it with
'\0'.
>
Ah, misunderstood you, try this one:
if (Z_STRLEN_PP(data) > 30) {
php_stream_write(stream, Z_STRVAL_PP(data), 30);
} else {
char blanks[30];
memset(blanks, 0, 30);
php_stream_write(stream, Z_STRVAL_PP(data),
Hi,
/* Not binary safe, but depending on your data that may be okay */
if (Z_STRLEN_PP(data) > 30) {
php_stream_write(stream, Z_STRVAL_PP(data), 30);
} else {
php_stream_printf(stream TSRMLS_CC, "%-30s", Z_STRVAL_PP(data));
}
Both solutions will pad the string with ' ', but I need to pad it wit
I think an ob_handler should be designed to handle output.
Not create (output), nor send emails.
I think the workaround is the other way around hehe
It's the way you want it to work that is a workaround, since there is
probably a better way to do it.
-I agree, print_r($var, true) should work but
> I'm currently using:
>
> php_stream_write(stream, Z_STRVAL_P(*data), 30);
>
> As the string is terminated with a zero-byte, it already works, but it
> would be better to fill the unused space with zero-bytes.
>
Actually, that'll also open the door to a potential segfault since you may
overrun the
Hi,
That's because you're telling it to write one character from the position
POINTED TO by the integer value. (i.e. Treat the integer like a pointer)
You're lucky you're getting data at all and not a segfault.
Try:
php_stream_putc(stream, (char)(Z_LVAL_P(*data) & 0xFF));
You are a livesaver! Th
Do you have an example script that can be used to reproduce the supposed
memory access violation?
Ilia
On June 14, 2004 01:51 pm, Alexander Valyalkin wrote:
> Here is patch for basename() function, which prevents possible
> memory access violation:
>
> =cut=
> --- string.cThu
Here is patch for basename() function, which prevents possible
memory access violation:
=cut=
--- string.cThu May 13 20:44:32 2004
+++ string_basename.c Mon Jun 14 20:43:33 2004
@@ -1079,9 +1079,9 @@
/* strip trailing slashes */
- while (*c == '/'
+while (c >= s && *
On Mon, 2004-06-14 at 12:48 +0200, Christian Schneider wrote:
> Alexander Valyalkin wrote:
> > It is only idle talk. Can you provide any string from my code which
> > violates your "coding standards"?
>
> Calm down. As I said before (obviously not clearly enough, I was hoping
> one of the 'projec
> But I do not know how to write the value to the stream
>
>php_stream_write(stream, (char*)Z_LVAL_P(*data), 1);
>
> This does not produce the result I need, instead the file contains 48 at
> this position.
>
That's because you're telling it to write one character from the position
POINTED TO
On Mon, 14 Jun 2004 12:10:46 -0400, Ilia Alshanetsky <[EMAIL PROTECTED]> wrote:
>
> Virtually all current uses involve some form of user input, which means that
> the user can exploit the problem. When bar[2048] is used to create a buffer
> of a certain known size that never change, with alloca a
Hi,
I'm working on ext/id3 (proposed in pecl) and I'm currently experiencing
a problem.
I got a function that is used to update the information in an ID3 tag.
The user passes an array and I update all information that has been
passed. One of the possible tokens is a genre ID which is represented
Virtually all current uses involve some form of user input, which means that
the user can exploit the problem. When bar[2048] is used to create a buffer
of a certain known size that never change, with alloca a buffer of undermined
size is created in most cases.
The only 'safe' way to use the fu
Ilia Alshanetsky wrote:
There is a rather nasty crash possible in PHP due to the usage of the alloca()
function as can be demonstrated by bug #28064.
Simpler bug replication case:
php -r ' $a = str_repeat("a", 1024 * 1024 * 6); defined($a); '
The following two fragments will lead to virtually ide
There is a rather nasty crash possible in PHP due to the usage of the alloca()
function as can be demonstrated by bug #28064.
Simpler bug replication case:
php -r ' $a = str_repeat("a", 1024 * 1024 * 6); defined($a); '
The problem is the result of missing checks to determine if alloca() had
work
I've just updated cvs.php.net to use mod_rewrite to allow URLs such as:
http://cvs.php.net/pear/Mail/
Old URLs will still work just fine, but the above style is used by default, so
if you want to update any website links, you can. Note that for top-level
directories, you *must* include the trailin
One last note on this :
the limitation I'm talking about is annoying in two cases for me :
- I can't use "print_r($var, true)" inside an ob_handler, because print_r uses
ob_start internally. And I need this to append some debug info to my buffer. The
workaround for this is to make my own print_r
On Mon, 14 Jun 2004 13:49:16 +0200, Ard Biesheuvel <[EMAIL PROTECTED]> wrote:
Alexander Valyalkin wrote:
:) Are you sure? I'm not. Look on declaration of [nr] variable:
int nr;
And answer, please, which value will be assigned to nr, if length of
a string will be greater than 0x7fff on 32-bit ar
Alexander Valyalkin wrote:
:) Are you sure? I'm not. Look on declaration of [nr] variable:
int nr;
And answer, please, which value will be assigned to nr, if length of
a string will be greater than 0x7fff on 32-bit architecture?
The funny thing is that in this case, it doesn't matter if 'nr' is
I've read CODING_STANDARDS (thanks to Christian Schneider) and corrected
my code according to your standards.
Also I've improved speed of algorithm. Now it is not duplicate the
string value of array item, if it is has string type already:
if (Z_TYPE_PP(tmp) != IS_STRING) {
/* create new ins
The implode() function uses very bad algorithm, which uses memory
reallocation very often. The speed of functions falls quickly with
increase of length of imploded array & data in it.
My version of implode() uses much better algorithm:
1) counts the amount of memory needed to result string
2) alloc
Alexander Valyalkin wrote:
It is only idle talk. Can you provide any string from my code which
violates your "coding standards"?
Calm down. As I said before (obviously not clearly enough, I was hoping
one of the 'project managers' would do that for me ;-)) you are missing
the point why people rej
On Mon, 14 Jun 2004 11:00:33 +0200 (CEST), Derick Rethans <[EMAIL PROTECTED]>
wrote:
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &p, &nr)
==
FAILURE) {
return;
}
/* !!! there is no error check nr < 0 */
Of course not, that's pointless as a string can never
On Mon, 14 Jun 2004, Alexander Valyalkin wrote:
> Thank you for good explanation and comments.
> Now I understood that the current crc32 implementation is better than mine.
> But it consists some ugly bugs (read my comments):
> PHP_NAMED_FUNCTION(php_if_crc32)
> {
> unsigned int crc = ~0;
>
On Sun, 13 Jun 2004 23:10:04 +, Curt Zirzow <[EMAIL PROTECTED]> wrote:
* Thus wrote Alexander Valyalkin ([EMAIL PROTECTED]):
Here is improved version of crc32() function.
Features:
1) Automatic initialization of crc32tab[] at first call.
So, the file crc32.h with definition of this tab is no
On Sun, 13 Jun 2004 11:24:12 +0200, Ard Biesheuvel <[EMAIL PROTECTED]> wrote:
First of all, crc32tab is no longer in the .text segment, so it will not
be shared between forked processes, taking more memory space than
necessary. Each process will have to initialise it as well, so the init
loop
PHP 4 Bug Database summary - http://bugs.php.net
Num Status Summary (838 total including feature requests)
===[*Compile Issues]==
28385 Open $(prefix)/lib/php/build/* was wrong attr.
===
On Sun, 13 Jun 2004, l0t3k wrote:
> thanks, i hadn't noticed that. still in the interest of efficiency i think
> an array should be allowed. or am i the only one having to use Pack on large
> sets of data ?
The problem with if we're going that way, this same argument might hold
for all other PHP
30 matches
Mail list logo
