Re: [PHP] [security] PHP has DoS vuln with large decimal points

hi, On Mon, Jan 17, 2011 at 5:21 AM, Tommy Pham tommy...@gmail.com wrote: Thanks Dan.  I'll keep it in mind for the future.  For interested parties, that's found in the official Windows 5.3.3 NTS VC9 build.  Works fine with the current official 5.3.5 NTS VC9. 5.3.5 was released only to fix

RE: [PHP] [security] PHP has DoS vuln with large decimal points

-Original Message- From: Tommy Pham [mailto:tommy...@gmail.com] Sent: Thursday, January 06, 2011 5:49 PM To: 'Daevid Vincent' Cc: 'php-general@lists.php.net' Subject: RE: [PHP] [security] PHP has DoS vuln with large decimal points -Original Message- From: Daevid Vincent

RE: [PHP] [security] PHP has DoS vuln with large decimal points

-Original Message- From: Tommy Pham [mailto:tommy...@gmail.com] Sent: Sunday, January 16, 2011 4:18 PM To: 'php-general@lists.php.net' Subject: RE: [PHP] [security] PHP has DoS vuln with large decimal points snip I found something really weird while coding a validator

Re: [PHP] [security] PHP has DoS vuln with large decimal points

On 1/16/2011 4:18 PM, Tommy Pham wrote: -Original Message- From: Tommy Pham [mailto:tommy...@gmail.com] Sent: Thursday, January 06, 2011 5:49 PM To: 'Daevid Vincent' Cc: 'php-general@lists.php.net' Subject: RE: [PHP] [security] PHP has DoS vuln with large decimal points

Re: [PHP] [security] PHP has DoS vuln with large decimal points

On Sun, Jan 16, 2011 at 21:00, Tommy Pham tommy...@gmail.com wrote: Here are the results after some further tests for the same platform: * max float value: 1.7976931348623E+308 * min float value:  9.8813129168249E-324   floatval('1.00e-323') weird ... PHP wil hang when

RE: [PHP] [security] PHP has DoS vuln with large decimal points

-Original Message- From: Jim Lucas [mailto:li...@cmsws.com] Sent: Sunday, January 16, 2011 6:54 PM To: Tommy Pham Cc: php-general@lists.php.net Subject: Re: [PHP] [security] PHP has DoS vuln with large decimal points On 1/16/2011 4:18 PM, Tommy Pham wrote: -Original Message

[PHP] Re: [PHP-DEV] Re: [PHP] [security] PHP has DoS vuln with large decimal points

On 2011-01-16, at 9:59 PM, Daniel Brown danbr...@php.net wrote: On Sun, Jan 16, 2011 at 21:00, Tommy Pham tommy...@gmail.com wrote: Here are the results after some further tests for the same platform: * max float value: 1.7976931348623E+308 * min float value: 9.8813129168249E-324

RE: [PHP] [security] PHP has DoS vuln with large decimal points

-Original Message- From: paras...@gmail.com [mailto:paras...@gmail.com] On Behalf Of Daniel Brown Sent: Sunday, January 16, 2011 7:00 PM To: Tommy Pham Cc: PHP General; PHP Internals List; secur...@php.net Subject: Re: [PHP] [security] PHP has DoS vuln with large decimal points

RE: [PHP] [security] PHP has DoS vuln with large decimal points

-Original Message- From: Daevid Vincent [mailto:dae...@daevid.com] Sent: Wednesday, January 05, 2011 11:36 AM To: php-general@lists.php.net Subject: [PHP] [security] PHP has DoS vuln with large decimal points The error in the way floating-point and double-precision numbers

[PHP] [security] PHP has DoS vuln with large decimal points

The error in the way floating-point and double-precision numbers are handled sends 32-bit systems running Linux, Windows, and FreeBSD into an infinite loop that consumes 100 percent of their CPU's resources. Developers are still investigating, but they say the bug appears to affect versions 5.2