From: judas dot iscariote at gmail dot com
Operating system: linux
PHP version: 5CVS-2007-02-26 (CVS)
PHP Bug Type: Reproducible crash
Bug description: invalid pointer in ext/standard/head.c(140)
Description:
------------
Current 5_2 seems to have a buffer overflow this issue is not present in
released versions.
this can be reproduced with php compiled in debug mode.
Reproduce code:
---------------
I dont have reproduce code atm, but it is as easy to load
phpmyadmin,log-in (auth type cookie) and the error happends inmediately
and permanent.
Expected result:
----------------
no error
Actual result:
--------------
Script: '/srv/www/htdocs/sql/index.php'
---------------------------------------
/home/cristian/php5/ext/standard/head.c(140) : Block 0x00EA1EC8 status:
Beginning: OK (allocated on /home/cristian/php5/main/spprintf.c:222,
79 bytes)
Start: OK
End: Overflown (magic=0x00000073 instead of 0xBBA15242)
At least 4 bytes overflown
---------------------------------------
[Sun Feb 25 22:49:43 2007] Script: '/srv/www/htdocs/sql/index.php'
---------------------------------------
/home/cristian/php5/ext/standard/head.c(140) : Block 0x010914A8 status:
Invalid pointer: ((size=0x000000A9) != (next.prev=0x74617020))
---------------------------------------
hell:~ # rclighttpd restart
Shutting down lighttpd
done
Starting lighttpd
done
hell:~ # [Sun Feb 25 22:50:07 2007] Script:
'/srv/www/htdocs/sql/index.php'
---------------------------------------
/home/cristian/php5/ext/standard/head.c(140) : Block 0x00EA1EC8 status:
Beginning: OK (allocated on /home/cristian/php5/main/spprintf.c:222,
79 bytes)
Start: OK
End: Overflown (magic=0x00000073 instead of 0x7B97D628)
At least 4 bytes overflown
---------------------------------------
[Sun Feb 25 22:50:08 2007] Script: '/srv/www/htdocs/sql/index.php'
---------------------------------------
/home/cristian/php5/ext/standard/head.c(140) : Block 0x010914A8 status:
Invalid pointer: ((size=0x000000A9) != (next.prev=0x3D687461))
---------------------------------------
--
Edit bug report at http://bugs.php.net/?id=40634&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=40634&r=trysnapshot44
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=40634&r=trysnapshot52
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=40634&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=40634&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=40634&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=40634&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=40634&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=40634&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=40634&r=support
Expected behavior: http://bugs.php.net/fix.php?id=40634&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=40634&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=40634&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=40634&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=40634&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=40634&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=40634&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=40634&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=40634&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=40634&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=40634&r=mysqlcfg
