ID: 15362
Updated by: [EMAIL PROTECTED]
-Reported By: [EMAIL PROTECTED]
+Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Date/time related
Operating System: Linux 6.2 and 7.2
PHP Version: 4.1.1
New Comment:
This is a bug in the ext/standard/datetime.c php_date function.
Here is the diff:
*** php-4.1.1/ext/standard/datetime.c.orig Thu Feb 7 23:01:22
2002
--- php-4.1.1/ext/standard/datetime.c Thu Feb 7 23:02:09 2002
***************
*** 449,453 ****
case 'O': /* GMT offset in
[+-]HHMM format */
#if HAVE_TM_GMTOFF
! sprintf(tmp_buff, "%c%02d%02d",
(ta->tm_gmtoff < 0) ? '-' : '+', abs(ta->tm_gmtoff / 3600), abs(
ta->tm_gmtoff % 3600));
#else
sprintf(tmp_buff, "%c%02d%02d",
((ta->tm_isdst ? tzone - 3600:tzone)>0)?'-':'+', abs((ta->tm_isdst ?
tzone - 3600 : tzone) / 3600), abs((ta->tm_isdst ? tzone - 3600 :
tzone) % 3600));
--- 449,453 ----
case 'O': /* GMT offset in
[+-]HHMM format */
#if HAVE_TM_GMTOFF
! sprintf(tmp_buff, "%c%02d%02d",
(ta->tm_gmtoff < 0) ? '-' : '+', abs(ta->tm_gmtoff / 3600), abs( (
ta->tm_gmtoff % 3600 ) / 60 ));
#else
sprintf(tmp_buff, "%c%02d%02d",
((ta->tm_isdst ? tzone - 3600:tzone)>0)?'-':'+', abs((ta->tm_isdst ?
tzone - 3600 : tzone) / 3600), abs((ta->tm_isdst ? tzone - 3600 :
tzone) % 3600));
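Review bot: The #else branch in this hunk (the path taken when HAVE_TM_GMTOFF is not defined) still passes abs((ta->tm_isdst ? tzone - 3600 : tzone) % 3600) as the minutes field, so it prints the remainder in seconds just as the line being fixed did; it needs the same "/ 60". Both branches also write through an unbounded sprintf into tmp_buff, so consider snprintf with the buffer's size here, which would keep an over-wide field from writing past the end of the buffer as in the reported "2 byte(s) overflown".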
***************
*** 500,504 ****
(ta->tm_gmtoff < 0) ? '-' :
'+',
abs(ta->tm_gmtoff / 3600),
! abs( ta->tm_gmtoff % 3600)
);
#else
--- 500,504 ----
(ta->tm_gmtoff < 0) ? '-' :
'+',
abs(ta->tm_gmtoff / 3600),
! abs( (ta->tm_gmtoff % 3600) /
60 )
);
#else
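Review bot: The changed "!" line repeats the sign/hours/minutes computation already fixed in the hunk at 449, and having two copies is how both ended up with the same seconds-for-minutes error; a small shared helper or macro for the offset fields would keep them from diverging again. The #else that begins right after this call is cut off at its first line, so confirm that its minutes argument is divided by 60 as well.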
Previous Comments:
------------------------------------------------------------------------
[2002-02-03 21:12:13] [EMAIL PROTECTED]
I have tested both PHP 4.1.1 and PHP 4.05 and the following occurs for
both.
The date('r') call returns the wrong timezone offset (in my case
"+101800") which causes a buffer overflow in datetime.c
The date("Z") call correctly returns the timezone offset number of
seconds (630 in my case).
The undocumented (in the PHP manual anyway) option to strftime('%z')
returns the correct value of +1030.
The timezone abbreviation ("CST" in my case) is correctly returned with
both the strftime("%Z") and date("T") calls.
This will often cause the process to seg fault and die, although on
more complex pages, this becomes quite consistent.
With the PHP compile option '--enable-debug', the following is reported
in the Apache error log:
---------------------------------------
zend_execute_API.c(274) : Block 0x0813EDA0 status:
zend_variables.c(44) : Actual location (location was relayed)
Beginning: OK (allocated on datetime.c:331, 32 bytes)
End: Overflown (magic=0x2A8F0030 instead of 0x2A8FCC84)
2 byte(s) overflown
---------------------------------------
For PHP 4.1.1 the configure line is:
./configure --with-mysql=/usr/local/mysql --enable-track-vars
--with-apxs=/usr/local/apache/bin/apxs
--with-config-file-path=/usr/local/apache/conf --enable-bcmath
--with-zlib --with-xml --with-gettext --with-imap=../imap --with-mcrypt
--with-ldap=/usr/local --enable-ftp --without-gd --enable-debug
(Will be used for Horde's IMP webmail system)
------------------------------------------------------------------------
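The offset arithmetic discussed in this report, as an added stand-alone example (not PHP's own code): it formats a GMT offset with the 'before' and 'after' minute calculations and shows how a bounded write reports the width problem instead of overflowing. The function names and the sample offsets are constructed for illustration, and snprintf/labs are used here in place of the sprintf/abs calls in the diff.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 'Before' arithmetic: the remainder after whole hours stays in seconds,
 * so the "%02" minutes field can grow to four digits (up to 3599). */
int fmt_offset_before(char *buf, size_t len, long gmtoff)
{
    return snprintf(buf, len, "%c%02ld%02ld",
                    gmtoff < 0 ? '-' : '+',
                    labs(gmtoff / 3600), labs(gmtoff % 3600));
}

/* 'After' arithmetic: the remainder is converted to minutes (0..59),
 * so the result is always sign + 2 digits + 2 digits for real offsets. */
int fmt_offset_after(char *buf, size_t len, long gmtoff)
{
    return snprintf(buf, len, "%c%02ld%02ld",
                    gmtoff < 0 ? '-' : '+',
                    labs(gmtoff / 3600), labs((gmtoff % 3600) / 60));
}

/* Bounded variant for callers: 0 if the whole string plus its NUL fit,
 * -1 if snprintf had to truncate (or failed). */
int fmt_offset_checked(char *buf, size_t len, long gmtoff)
{
    int n = fmt_offset_after(buf, len, gmtoff);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample offsets in seconds: +10:30, -03:30, UTC. */
    const long samples[] = { 37800, -12600, 0 };
    char buf[16];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = fmt_offset_before(buf, sizeof buf, samples[i]);
        printf("before: %-8s (%d chars)  ", buf, n);
        n = fmt_offset_after(buf, sizeof buf, samples[i]);
        printf("after: %s (%d chars)\n", buf, n);
    }
    return 0;
}
```

For an offset of 37800 seconds the 'before' form yields the "+101800" string quoted in the report, two characters wider than the five-character "+1030" the 'after' form produces.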