ID: 28583 Updated by: [EMAIL PROTECTED] Reported By: jed at jed dot bz -Status: Closed +Status: Bogus Bug Type: Unknown/Other Function Operating System: Windows XP Pro PHP Version: 5.0.0RC2 Assigned To: hholzgra New Comment:
We could not find a bug, so this bug report is bogus. Previous Comments: ------------------------------------------------------------------------ [2004-09-09 04:34:28] jed at jed dot bz Closed, not bogus. ------------------------------------------------------------------------ [2004-09-03 05:13:46] [EMAIL PROTECTED] Thank you for taking the time to report a problem with PHP. Unfortunately you are not using a current version of PHP -- the problem might already be fixed. Please download a new PHP version from http://www.php.net/downloads.php If you are able to reproduce the bug with one of the latest versions of PHP, please change the PHP version on this bug report to the version you tested and change the status back to "Open". Again, thank you for your continued support of PHP. I\'m unable to reproduce bug with current version of php5. ------------------------------------------------------------------------ [2004-05-30 21:36:03] jed at jed dot bz Description: ------------ Apache/2.0.49 (Win32) PHP/5.0.0RC2 Server Using create_function() incorrectly, i.e.: $y = create_function(NULL, "cos(4);"); ...causes instability in PHP itself as no checking is done on the create_function() arguments. Every so often when this script is refreshed, PHP dumps all kinds of garbage followed by what appears to be HTTP headers (viewable in Mozilla Firefox 0.8): => d getallheaders 1 1 1 1 1 1 1 1 1 2 ) 1 1 1 1 1 1 [ 4 user 5 ] => 6 Array 1 1 1 1 1 1 1 1 2 ( 1 1 1 1 1 1 1 1 2 ) 1 2 ) 6 0 HTTP/1.1 200 OK Date: Sun, 30 May 2004 19:22:08 (...) Then the actual script output starts, which is corrupted all the same. Internet Explorer 6 on the same page attempts to refresh the page automatically numerous times, and never finishes. Could this possibly be the beginning of some kind of exploit in PHP? I have no idea what the output means but I submit it for the benefit of community review. Reproduce code: --------------- <?php /* Refresh constantly to eventually see problem. */ $y = create_function(NULL, 'cos(4);'); print "<pre>"; $x = get_defined_functions(); print_r($x); print "</pre>"; ?> Expected result: ---------------- Array ( [internal] => Array ( [0] => zend_version (...) Actual result: -------------- 1 1 1 [ 2 65 5 ] => 8 unixtojd 1 1 1 1 1 1 1 1 1 1 1 1 1 1 [ 2 66 5 ] => 8 jdtounix 1 1 1 1 1 1 1 1 1 1 1 1 1 1 [ 2 67 5 ] => 9 cal_to_jd 1 1 1 1 1 1 1 1 1 1 1 1 1 1 [ 2 68 5 ] => b cal_from_jd 1 1 1 1 1 1 1 1 1 1 1 1 1 1 [ 2 69 5 ] => 11 cal_days_in_month 1 1 1 1 1 1 1 1 1 1 1 1 1 1 [ 2 70 5 ] => 8 cal_info 1 1 1 1 1 1 1 1 1 1 1 1 1 1 [ 2 71 5 ] => b variant_set 1 1 1 1 1 1 1 1 1 1 1 1 1 1 [ 2 72 5 ] => b variant_add 1 1 1 1 1 1 1 1 1 1 1 1 1 1 [ 2 73 5 ] => b variant_cat 1 1 1 1 1 1 1 1 1 1 1 1 1 1 [ 2 74 5 ] => b variant_sub 1 1 1 1 1 1 1 1 1 1 1 1 1 1 [ 2 75 5 ] => b variant_mul 1 1 1 1 1 1 1 1 1 1 1 1 1 1 [ 2 76 5 ] => b variant_and 1 1 1 1 1 1 1 1 1 1 1 1 1 1 [ 2 77 5 ] => b variant_div 1 1 1 1 1 1 1 1 1 1 1 1 1 1 [ 2 78 5 ] => b (...) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=28583&edit=1
