From: judas dot iscariote at gmail dot com
Operating system: linux
PHP version: 5CVS-2007-02-26 (CVS)
PHP Bug Type: Reproducible crash
Bug description: invalid pointer in ext/standard/head.c(140)
Description:
------------
Current 5_2 seems to have a buffer overflow; this issue is not present in released versions. This can be reproduced with PHP compiled in debug mode.

Reproduce code:
---------------
I don't have reproduce code atm, but it is as easy as loading phpMyAdmin and logging in (auth type cookie); the error happens immediately and is permanent.

Expected result:
----------------
no error

Actual result:
--------------
Script:  '/srv/www/htdocs/sql/index.php'
---------------------------------------
/home/cristian/php5/ext/standard/head.c(140) :  Block 0x00EA1EC8 status:
Beginning:      OK (allocated on /home/cristian/php5/main/spprintf.c:222, 79 bytes)
      Start:    OK
        End:    Overflown (magic=0x00000073 instead of 0xBBA15242)
                At least 4 bytes overflown
---------------------------------------
[Sun Feb 25 22:49:43 2007]  Script:  '/srv/www/htdocs/sql/index.php'
---------------------------------------
/home/cristian/php5/ext/standard/head.c(140) :  Block 0x010914A8 status:
Invalid pointer: ((size=0x000000A9) != (next.prev=0x74617020))
---------------------------------------

hell:~ # rclighttpd restart
Shutting down lighttpd                                                done
Starting lighttpd                                                     done
hell:~ #

[Sun Feb 25 22:50:07 2007]  Script:  '/srv/www/htdocs/sql/index.php'
---------------------------------------
/home/cristian/php5/ext/standard/head.c(140) :  Block 0x00EA1EC8 status:
Beginning:      OK (allocated on /home/cristian/php5/main/spprintf.c:222, 79 bytes)
      Start:    OK
        End:    Overflown (magic=0x00000073 instead of 0x7B97D628)
                At least 4 bytes overflown
---------------------------------------
[Sun Feb 25 22:50:08 2007]  Script:  '/srv/www/htdocs/sql/index.php'
---------------------------------------
/home/cristian/php5/ext/standard/head.c(140) :  Block 0x010914A8 status:
Invalid pointer: ((size=0x000000A9) != (next.prev=0x3D687461))
---------------------------------------

--
Edit bug report at http://bugs.php.net/?id=40634&edit=1
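The "Block ... status" output in the report is the debug allocator's guard check: a magic word sits right after the last usable byte of every block, and a write that runs past the block's computed size clobbers it. Read as little-endian bytes, the values in the report (magic 0x00000073, next.prev 0x74617020 and 0x3D687461) are 's', " pat" and "ath=", which is consistent with text from a "; path=" cookie attribute overrunning a block that was sized for a shorter string. The following is an added illustration of that failure pattern, not code from PHP or from the reporter, and it says nothing about the real cause of bug #40634, which the report does not identify: a toy guarded allocator (guarded_alloc, guarded_overflow, guard_bytes are names assumed for the demo, not Zend MM APIs) plus a header builder whose allocation length is computed from a formula that omits the suffix it later appends. The cookie name, value and path are constructed sample input.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Toy guarded allocator (illustration only, not the Zend memory manager):
 * a header records the requested size and a 4-byte magic word is placed
 * immediately after the last usable byte. SLACK keeps the demo's own
 * overflow inside memory we own so the demo does not corrupt the real heap.
 */
#define GUARD_MAGIC 0xBBA15242u   /* same expected value the report prints */
#define SLACK       64

struct block_hdr { size_t size; };

static void *guarded_alloc(size_t size)
{
    unsigned char *raw = malloc(sizeof(struct block_hdr) + size + sizeof(uint32_t) + SLACK);
    if (raw == NULL) return NULL;
    ((struct block_hdr *)raw)->size = size;
    uint32_t magic = GUARD_MAGIC;
    memcpy(raw + sizeof(struct block_hdr) + size, &magic, sizeof magic);
    return raw + sizeof(struct block_hdr);
}

static void guarded_free(void *p)
{
    if (p != NULL) free((unsigned char *)p - sizeof(struct block_hdr));
}

/* Copy the 4 bytes where the guard word should be (what "magic=..." shows). */
static void guard_bytes(const void *p, unsigned char out[4])
{
    const struct block_hdr *h =
        (const struct block_hdr *)((const unsigned char *)p - sizeof(struct block_hdr));
    memcpy(out, (const unsigned char *)p + h->size, 4);
}

/* 0 if the guard is intact, else 4: like "At least 4 bytes overflown",
 * the check cannot see damage past the guard word itself. */
static size_t guarded_overflow(const void *p)
{
    unsigned char got[4], want[4];
    uint32_t magic = GUARD_MAGIC;
    memcpy(want, &magic, 4);
    guard_bytes(p, got);
    return memcmp(got, want, 4) == 0 ? 0 : 4;
}

/*
 * Build "Set-Cookie: name=value; path=path". With miscount != 0 the length
 * used for the allocation leaves out the "; path=..." suffix: the size
 * formula and the bytes actually written have fallen out of step.
 */
static char *build_cookie_header(const char *name, const char *value,
                                 const char *path, int miscount)
{
    size_t base   = strlen("Set-Cookie: ") + strlen(name) + 1 + strlen(value);
    size_t suffix = strlen("; path=") + strlen(path);
    size_t len    = base + (miscount ? 0 : suffix) + 1;   /* +1 for the NUL */
    char *buf = guarded_alloc(len);
    if (buf == NULL) return NULL;
    snprintf(buf, base + 1, "Set-Cookie: %s=%s", name, value);  /* fits either way */
    strcat(buf, "; path=");   /* this append is what walks past a miscounted block */
    strcat(buf, path);
    return buf;
}

/* Miscounted size: the guard is clobbered. */
static size_t demo_miscounted_overflow(void)
{
    char *c = build_cookie_header("phpMyAdmin", "abc", "/", 1);
    if (c == NULL) return (size_t)-1;
    size_t n = guarded_overflow(c);
    guarded_free(c);
    return n;
}

/* 1 if the clobbered guard now reads as the text " pat" from "; path=". */
static int demo_guard_is_string_data(void)
{
    unsigned char g[4];
    char *c = build_cookie_header("phpMyAdmin", "abc", "/", 1);
    if (c == NULL) return 0;
    guard_bytes(c, g);
    guarded_free(c);
    return memcmp(g, " pat", 4) == 0;
}

/* Correct size: the guard survives. */
static size_t demo_correct_count(void)
{
    char *c = build_cookie_header("phpMyAdmin", "abc", "/", 0);
    if (c == NULL) return (size_t)-1;
    size_t n = guarded_overflow(c);
    guarded_free(c);
    return n;
}

int main(void)
{
    unsigned char g[4];
    uint32_t seen;
    char *c = build_cookie_header("phpMyAdmin", "abc", "/", 1);
    if (c == NULL) return 1;
    guard_bytes(c, g);
    memcpy(&seen, g, 4);
    printf("Block %p status:\n", (void *)c);
    printf("  End: %s (magic=0x%08X instead of 0x%08X)\n",
           guarded_overflow(c) ? "Overflown" : "OK", (unsigned)seen, (unsigned)GUARD_MAGIC);
    printf("  guard bytes as text: \"%.4s\"\n", (const char *)g);
    guarded_free(c);
    return 0;
}
```

On a little-endian machine the miscounted run prints magic=0x74617020, the same word the report shows in next.prev, because the guard now holds the bytes ' ', 'p', 'a', 't' of the appended suffix. The practical lesson for triaging reports like this one is to compare the size formula used at the allocation site (spprintf.c:222 in the report) against every later append at the site that trips the check (head.c:140), and to treat ASCII-looking guard values as a pointer to which string was being written.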