PHP :: Bug #17137 :: access to invalid pointer in mb_convert

Bug #17137

access to invalid pointer in mb_convert_variables()

Submitted:

2002-05-10 05:08 UTC

Modified:

2002-06-17 20:56 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

tsukada at fminn dot nagano dot nagano dot jp

Assigned:

Status:

Closed

Package:

Reproducible crash

PHP Version:

4.0CVS-2002-05-10

OS:

RedHat7.2

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	tsukada at fminn dot nagano dot nagano dot jp
New email:
PHP Version:		OS:

New/Additional Comment:

[2002-05-10 05:08 UTC] tsukada at fminn dot nagano dot nagano dot jp

script:

<?php

$str = "a";
mb_convert_variables("utf-8", "utf-8,iso-8859-1", $str);
echo $str

?>



backtrace:

#0  0x4023bbdf in zif_mb_convert_variables (ht=3, return_value=0x80e7cac, this_ptr=0x0, return_value_used=0)
    at php4/ext/mbstring/mbstring.c:2785
#1  0x40337b8d in execute (op_array=0x80e7a64) at php4/Zend/zend_execute.c:1598
#2  0x403263c4 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at php4/Zend/zend.c:810
#3  0x402f2f0a in php_execute_script (primary_file=0xbfffeab0) at php4/main/main.c:1410
#4  0x4033caea in apache_php_module_main (r=0x80e0704, display_source_mode=0)
    at php4/sapi/apache/sapi_apache.c:55
#5  0x4033d958 in send_php (r=0x80e0704, display_source_mode=0, filename=0x80e2214 "test.php")
    at php4/sapi/apache/mod_php4.c:545
#6  0x4033d9d2 in send_parsed_php (r=0x80e0704) at php4/sapi/apache/mod_php4.c:560
#7  0x08054747 in ap_invoke_handler ()
#8  0x08069557 in process_request_internal ()
#9  0x080695b8 in ap_process_request ()
#10 0x08060701 in child_main ()



patch:

Index: mbstring.c
===================================================================
RCS file: /repository/php4/ext/mbstring/mbstring.c,v
retrieving revision 1.67
diff -u -r1.67 mbstring.c
--- mbstring.c	8 May 2002 12:30:47 -0000	1.67
+++ mbstring.c	10 May 2002 06:39:38 -0000
@@ -2782,8 +2782,8 @@
 							}
 						}
 					} else if (Z_TYPE_PP(var) == IS_STRING) {
-						string.val = Z_STRVAL_PP(args[n]);
-						string.len = Z_STRLEN_PP(args[n]);
+						string.val = Z_STRVAL_PP(var);
+						string.len = Z_STRLEN_PP(var);
 						if (mbfl_encoding_detector_feed(identd, &string TSRMLS_CC)) {
 							goto detect_end;		/* complete detecting */
 						}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-06-17 20:56 UTC] sniper@php.net

This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Jul 07 15:01:36 2025 UTC