PHP :: Bug #22753 :: size_t unsigned error causes endless loop

Bug #22753	size_t unsigned error causes endless loop
Submitted:	2003-03-17 14:42 UTC	Modified:	2003-03-18 09:09 UTC
From:	hak at cooper dot edu	Assigned:	wez (profile)
Status:	Closed	Package:	Reproducible crash
PHP Version:	4CVS-2003-03-17 (stable)	OS:	Linux 2.4
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	hak at cooper dot edu
New email:
PHP Version:		OS:

New Comment:

[2003-03-17 14:42 UTC] hak at cooper dot edu

Diffing between 4.3.1 and Mar 13 STABLE it appears
you are already working on this bug.  In network.c:
php_sockop_write, you had previously declared didwrite
as size_t, which is unsigned on some OS (e.g. Linux).
Therefore, an error in the send system call was not
detected.  The STABLE release changes didwrite to an
int but in streams.c:_php_stream_write, the return
value still gets assigned into size_t justwrote, and
therefore you get stuck in an endless loop because the
check justwrote>0 i.e. (unsigned)0xFFFFFFFF>0 is true.

Fix is to either change justwrote to an int, or
to add the following to the end of sockop_write:
return didwrite<0?0:didwrite;

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-03-17 19:53 UTC] sniper@php.net

Assigned to Wez, must be fixed for PHP 4.3.2.

[2003-03-18 09:09 UTC] wez@php.net

Already fixed in CVS as the reporter stated.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue May 13 10:01:27 2025 UTC