PHP :: Bug #39661 :: Crash when imploding null into sprintf

Bug #39661	Crash when imploding null into sprintf
Submitted:	2006-11-28 15:11 UTC	Modified:	2006-11-28 16:41 UTC
From:	mark at temporal-solutions dot co dot uk	Assigned:
Status:	Closed	Package:	Reproducible crash
PHP Version:	5.2.0	OS:	Windows XP SP2
Private report:	No	CVE-ID:	None

View Developer Edit

[2006-11-28 15:11 UTC] mark at temporal-solutions dot co dot uk

Description:
------------
Imploding an array containing a NULL as an argument to sprintf causes php-cgi.exe crash with null pointer read under IIS5.1 w/ Windows XP SP2 Pro.

Reproduce code:
---------------
<?
	$keys = array();
	$keys[] = NULL;
	sprintf('%s', implode(' ', $keys));
?>

Expected result:
----------------
Script execute and produce nothing.

Actual result:
--------------
CGI crash reading memory at 0x000000

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-11-28 15:20 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

[2006-11-28 15:28 UTC] mark at temporal-solutions dot co dot uk

Confirming latest snapshot fixes this error.

[2006-11-28 16:36 UTC] mark at temporal-solutions dot co dot uk

Unfortunately this snapshot seems to make all classes passed by value rather than by reference like they were in php4.

[2006-11-28 16:41 UTC] mark at temporal-solutions dot co dot uk

Edit: Discard; patching process created conflict in local paths and selected an INI that had the wrong php4 compatability set.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Nov 04 13:00:02 2025 UTC