PHP :: Bug #18947 :: memory related bug

Bug #18947	memory related bug
Submitted:	2002-08-16 15:44 UTC	Modified:	2002-08-16 15:54 UTC
From:	pgr75 at hotmail dot com	Assigned:
Status:	Closed	Package:	Bzip2 Related
PHP Version:	4.2.2	OS:	any
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	pgr75 at hotmail dot com
New email:
PHP Version:		OS:

New Comment:

[2002-08-16 15:44 UTC] pgr75 at hotmail dot com

Seen something similar in the bug database but dated from February and it's still in the current release.

The code under ext/bz2 has at least two bugs:

+ bzread without a length returns a string that is not '\0' terminated. On systems where (e)malloc returns a initialized memory it works fine, but when the memory is not initialized it breaks.
A quick fix is to use ecalloc instead of emalloc

+ bzcompress (and perhaps bzuncompress ?) uses a size argument for the second parameter of libz2's BZ2_bzBuffToBuffCompress function.
This parameter is NEVER initialized, it should be initialized to dest_len.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-08-16 15:54 UTC] kalowsky@php.net

Fixed in CVS.

The first was changed, the second has already been done.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Jan 05 06:01:27 2025 UTC