[2002-02-03 21:12 UTC] warwick at imvs dot sa dot gov dot au
I have tested both PHP 4.1.1 and PHP 4.05 and the following occurs for both.
The date('r') call returns the wrong timezone offset (in my case "+101800") which causes a buffer overflow in datetime.c
The date("Z") call correctly returns the timezone offset number of seconds (630 in my case).
The undocumented (in the PHP manual anyway) option to strftime('%z') returns the correct value of +1030.
The timezone abbreviation ("CST" in my case) is correctly returned with both the strftime("%Z") and date("T") calls.
This will often cause the process to seg fault and die, although on more complex pages, this becomes quite consistent.
With the PHP compile option '--enable-debug', the following is reported in the Apache error log:
---------------------------------------
zend_execute_API.c(274) : Block 0x0813EDA0 status:
zend_variables.c(44) : Actual location (location was relayed)
Beginning: OK (allocated on datetime.c:331, 32 bytes)
End: Overflown (magic=0x2A8F0030 instead of 0x2A8FCC84)
2 byte(s) overflown
---------------------------------------
For PHP 4.1.1 the configure line is:
./configure --with-mysql=/usr/local/mysql --enable-track-vars --with-apxs=/usr/local/apache/bin/apxs --with-config-file-path=/usr/local/apache/conf --enable-bcmath --with-zlib --with-xml --with-gettext --with-imap=../imap --with-mcrypt --with-ldap=/usr/local --enable-ftp --without-gd --enable-debug
(Will be used for Horde's IMP webmail system)
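The offset arithmetic behind the report, as an added stand-alone example (not PHP source code): it formats the GMT offset with and without the seconds-to-minutes conversion and counts the bytes a date('r')-style string then needs against the 32-byte allocation shown in the debug log. The function names, the sample timestamp and the assumption that the reporter's +1030 zone is 37800 seconds are constructed for illustration; `snprintf` is used so the demonstration itself never writes out of bounds.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DATE_R_BUF 32  /* allocation size quoted in the debug log above */

/* Offset field with the remainder left in seconds (the reported behaviour). */
static int offset_before(long gmtoff, char *out, size_t n)
{
    return snprintf(out, n, "%c%02ld%02ld", gmtoff < 0 ? '-' : '+',
                    labs(gmtoff / 3600), labs(gmtoff % 3600));
}

/* Offset field with the remainder converted to minutes. */
static int offset_after(long gmtoff, char *out, size_t n)
{
    return snprintf(out, n, "%c%02ld%02ld", gmtoff < 0 ? '-' : '+',
                    labs(gmtoff / 3600), labs((gmtoff % 3600) / 60));
}

/* Bytes (including the NUL) a date('r')-style string needs for this offset. */
static size_t date_r_bytes(long gmtoff, int fixed)
{
    char off[16], line[64];
    if (fixed) offset_after(gmtoff, off, sizeof off);
    else       offset_before(gmtoff, off, sizeof off);
    /* Constructed sample timestamp; only the trailing offset varies. */
    int len = snprintf(line, sizeof line, "Mon, 04 Feb 2002 07:42:00 %s", off);
    return (size_t)len + 1;
}

int main(void)
{
    long offsets[] = { 37800, 0, 3600, -12600 };  /* constructed; 37800 s = +10:30 */
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        char a[16], b[16];
        offset_before(offsets[i], a, sizeof a);
        offset_after(offsets[i], b, sizeof b);
        printf("%7ld s  before=%-8s after=%-6s needs %zu / %zu of %d bytes\n",
               offsets[i], a, b, date_r_bytes(offsets[i], 0),
               date_r_bytes(offsets[i], 1), DATE_R_BUF);
    }
    return 0;
}
```

Whole-hour zones leave a zero remainder and format identically either way, which is why only half-hour and quarter-hour zones trigger the two-byte overrun.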
This is a bug in the ext/standard/datetime.c php_date function. here is the diff *** php-4.1.1/ext/standard/datetime.c.orig Thu Feb 7 23:01:22 2002 --- php-4.1.1/ext/standard/datetime.c Thu Feb 7 23:02:09 2002 *************** *** 449,453 **** case 'O': /* GMT offset in [+-]HHMM format */ #if HAVE_TM_GMTOFF ! sprintf(tmp_buff, "%c%02d%02d", (ta->tm_gmtoff < 0) ? '-' : '+', abs(ta->tm_gmtoff / 3600), abs( ta->tm_gmtoff % 3600)); #else sprintf(tmp_buff, "%c%02d%02d", ((ta->tm_isdst ? tzone - 3600:tzone)>0)?'-':'+', abs((ta->tm_isdst ? tzone - 3600 : tzone) / 3600), abs((ta->tm_isdst ? tzone - 3600 : tzone) % 3600)); --- 449,453 ---- case 'O': /* GMT offset in [+-]HHMM format */ #if HAVE_TM_GMTOFF ! sprintf(tmp_buff, "%c%02d%02d", (ta->tm_gmtoff < 0) ? '-' : '+', abs(ta->tm_gmtoff / 3600), abs( ( ta->tm_gmtoff % 3600 ) / 60 )); #else sprintf(tmp_buff, "%c%02d%02d", ((ta->tm_isdst ? tzone - 3600:tzone)>0)?'-':'+', abs((ta->tm_isdst ? tzone - 3600 : tzone) / 3600), abs((ta->tm_isdst ? tzone - 3600 : tzone) % 3600)); *************** *** 500,504 **** (ta->tm_gmtoff < 0) ? '-' : '+', abs(ta->tm_gmtoff / 3600), ! abs( ta->tm_gmtoff % 3600) ); #else --- 500,504 ---- (ta->tm_gmtoff < 0) ? '-' : '+', abs(ta->tm_gmtoff / 3600), ! abs( (ta->tm_gmtoff % 3600) / 60 ) ); #else
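Review bot: in the first hunk (line 449, case 'O'), only the HAVE_TM_GMTOFF branch gains the `/ 60`; the `#else` branch still passes `abs((ta->tm_isdst ? tzone - 3600 : tzone) % 3600)` to the second `%02d`, so builds without tm_gmtoff keep printing seconds in the minutes field and can still write more than the five characters the format comment promises. Apply the same `/ 60` there. Since `%02d` sets a minimum width and not a maximum, replacing `sprintf(tmp_buff, ...)` with a bounded write sized to tmp_buff would also stop any later arithmetic slip from becoming an overflow again.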
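Review bot: in the second hunk (line 500), the context stops at `#else`, so the fallback branch for this format is not changed by the patch; if it computes the minutes field with `% 3600` alone, as the 'O' fallback shown in the first hunk does, it needs the same `/ 60`. A short comment next to `abs( (ta->tm_gmtoff % 3600) / 60 )` noting that the field is minutes, not seconds, would help keep the two branches in step.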