PHP :: Bug #35630 :: strtotime('5 january 2006+3day+1day'); crashes

Bug #35630

strtotime('5 january 2006+3day+1day'); crashes

Submitted:

2005-12-11 09:32 UTC

Modified:

2005-12-13 03:30 UTC

Votes:	1
Avg. Score:	4.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

sf at hyh dot pl

Assigned:

Derick (profile)

Status:

Closed

Package:

Date/time related

PHP Version:

5CVS-2005-12-11

OS:

Private report:

CVE-ID:

None

View Developer Edit

[2005-12-11 09:32 UTC] sf at hyh dot pl

Description:
------------
strtotime sometimes exit with signal Segmentation fault, its always when you add some +sth and after add + without space

Reproduce code:
---------------
strtotime('5 january 2006+3day+1day'); // Segmentation fault
strtotime('5 january 2006+3day +1day'); // ok
strtotime('5 january 2006 +3 day +1 day'); // ok
strtotime('5 january 2006+3 day+1 month'); // Segmentation fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-12-11 09:41 UTC] johannes@php.net

(gdb) run -r "strtotime('5 january 2006+3 day+1 month');" 
Starting 
program: /home/johannes/src/php/cvs/PHP_5_1/sapi/cli/php 
-r "strtotime(' 
5 january 2006+3 day+1 month');" 
 
Program received signal SIGSEGV, Segmentation fault. 
0x080a4bed in timelib_set_relative (ptr=0xbfffe9d4, 
amount=3, behavior=0, 
    s=0xbfffea20) at parse_date.re:544 
544             switch (relunit->unit) { 
(gdb) bt 
#0  0x080a4bed in timelib_set_relative (ptr=0xbfffe9d4, 
amount=3, behavior=0, 
    s=0xbfffea20) at parse_date.re:544 
#1  0x080a6e94 in scan (s=0xbfffea20) at 
parse_date.re:1355 
#2  0x080c20ad in timelib_strtotime ( 
    s=0x845c3ac "5 january 2006+3 day+1 month", len=28, 
errors=0xbfffeaa8, 
    tzdb=0x837a528) at parse_date.re:1427 
#3  0x080a2e37 in zif_strtotime (ht=1, 
return_value=0x845a55c, 
    return_value_ptr=0x0, this_ptr=0x0, 
return_value_used=0) 
    
at /home/johannes/src/php/cvs/PHP_5_1/ext/date/php_date.c:811 
#4  0x08272aec in zend_do_fcall_common_helper_SPEC 
(execute_data=0xbfffeba0) 
    at zend_vm_execute.h:192 
#5  0x08275832 in ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(execute_data=0xbfffeba0) 
    at zend_vm_execute.h:1587 
#6  0x08272799 in execute (op_array=0x845adbc) at 
zend_vm_execute.h:92 
#7  0x0824aa6c in zend_eval_string ( 
    str=0xbffff163 "strtotime('5 january 2006+3 day+1 
month');", 
    retval_ptr=0x0, string_name=0x8320898 "Command line 
code") 
    
at /home/johannes/src/php/cvs/PHP_5_1/Zend/zend_execute_API.c:1049 
#8  0x0824abcc in zend_eval_string_ex ( 
    str=0xbffff163 "strtotime('5 january 2006+3 day+1 
month');", 
    retval_ptr=0x0, string_name=0x8320898 "Command line 
code", 
    handle_exceptions=1) 
    
at /home/johannes/src/php/cvs/PHP_5_1/Zend/zend_execute_API.c:1083 
#9  0x082bab3d in main (argc=3, argv=0xbfffef34) 
    
at /home/johannes/src/php/cvs/PHP_5_1/sapi/cli/php_cli.c:1116

[2005-12-13 03:30 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Mar 04 06:01:27 2025 UTC