PHP :: Bug #9083 :: Buffer overflow in ext/standard/datetime.c

Bug #9083	Buffer overflow in ext/standard/datetime.c
Submitted:	2001-02-02 17:08 UTC	Modified:	2001-02-02 17:57 UTC
From:	jpdalbec at cc dot ysu dot edu	Assigned:
Status:	Closed	Package:	Reproducible Crash
PHP Version:	4.0.4pl1	OS:	Linux for S/390
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2001-02-02 17:08 UTC] jpdalbec at cc dot ysu dot edu

At least on my system,
<? print(date('r')); ?>
crashes the web server process.
This is because it's trying to put a 32-byte string into a 16-byte buffer.
 static void
 php_date(INTERNAL_FUNCTION_PARAMETERS, int gm)
 {
         pval **format, **timestamp;
         time_t the_time;
         struct tm *ta, tmbuf;
         int i, size = 0, length, h, beat;
-        char tmp_buff[16];
+        char tmp_buff[32];
 
         switch(ZEND_NUM_ARGS()) {
         case 1:

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-02-02 17:22 UTC] elixer@php.net

This is fixed in CVS, please try snaps.php.net.

Sean

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri May 10 01:01:30 2024 UTC