php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79244 php crashes during parsing INI file
Submitted: 2020-02-07 17:29 UTC Modified: 2020-02-07 20:29 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: security at saur0n dot science Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 7.4.2 OS: Linux
Private report: No CVE-ID: None
 [2020-02-07 17:29 UTC] security at saur0n dot science
Description:
------------
php crashes during parsing INI file with function parse_ini_file() or parse_ini_string(). Both CLI and CGI versions are affected.

The crash occurs only if there is a section with integer name.

Test script:
---------------
<?php

$string=<<<__INI__
[9]



__INI__;

var_dump(parse_ini_string($string, TRUE, INI_SCANNER_TYPED));

Expected result:
----------------
Expected correct process termination.

Actual result:
--------------
PHP crashed:

                                                        Stack trace of thread 3685:
                                                        #0  0x0000559f487cd33f _zend_handle_numeric_str (php + 0x6e833f)
                                                        #1  0x0000559f4888d841 ini_parse (php + 0x7a8841)
                                                        #2  0x0000559f4888e289 zend_parse_ini_string (php + 0x7a9289)
                                                        #3  0x0000559f487cbc3e zif_parse_ini_string (php + 0x6e6c3e)
                                                        #4  0x0000559f489086eb ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (php + 0x8236eb)
                                                        #5  0x0000559f48907028 execute_ex (php + 0x822028)
                                                        #6  0x0000559f48954b45 zend_execute (php + 0x86fb45)
                                                        #7  0x0000559f488c49e4 zend_execute_scripts (php + 0x7df9e4)
                                                        #8  0x0000559f48859770 php_execute_script (php + 0x774770)
                                                        #9  0x0000559f48956ff8 do_cli (php + 0x871ff8)
                                                        #10 0x0000559f48715d1f main (php + 0x630d1f)
                                                        #11 0x00007f38d3f54e0b __libc_start_main (libc.so.6 + 0x26e0b)
                                                        #12 0x0000559f48715e1a _start (php + 0x630e1a)


Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-02-07 17:40 UTC] security at saur0n dot science
Can be reproduced on 7.0.8-0ubuntu0.16.04.3 as well.
 [2020-02-07 20:29 UTC] cmb@php.net
-Status: Open +Status: Verified
 [2020-02-10 05:07 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6295ff77b780705d132b15990c2904d2fe596e57
Log: Fixed bug #79244 (php crashes during parsing INI file). (Laruence)
 [2020-02-10 05:07 UTC] laruence@php.net
-Status: Verified +Status: Closed
 [2020-04-14 13:40 UTC] tuvirot at gmail dot com
The following pull request has been associated:

Patch Name: Ignore externally managed and generated files
On GitHub:  https://github.com/php/web-windows/pull/21
Patch:      https://github.com/php/web-windows/pull/21.patch
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 14:01:32 2024 UTC