PHP :: Bug #3027 :: error_log interpets % as printf formats and chrashes

Bug #3027	error_log interpets % as printf formats and chrashes
Submitted:	1999-12-22 14:49 UTC	Modified:	2002-09-30 17:18 UTC
From:	zot at zotconsulting dot com	Assigned:
Status:	Closed	Package:	Reproducible Crash
PHP Version:	3.0.12	OS:	Linux, FreeBSD
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	zot at zotconsulting dot com
New email:
PHP Version:		OS:

New Comment:

[1999-12-22 14:49 UTC] zot at zotconsulting dot com

error_log("'%eagle'");

produces in the apache error_log:
[Wed Dec 22 11:28:26 1999] [error] '5.318473e-315agle'

other printf strings.  In a sql statement of length it crashes repeatedly on any query that has a %e %f %g %h %n

My guess is error_log is taking from the next set of arguments, the values for %.  Thus it is causing a buffer overflow from time to time. though error_log("'%etttt'");  shows the same scientific number as eagle.

I have tested this under Redhat 6.0, Apache/1.3.9, PHP 3.0.12.  FreeBSd with Apache/1.3.3, PHP 3.0.6, and Redhat 5.1, Red Hat Secure/2.0,  PHP3.0.8.

a '%%' prints % just fine.


I have added a note to the error_log page.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-09-30 17:18 UTC] hholzgra@php.net

can't reproduce in 4.2.3 apache module, 
and both 4.2.3 and 3.0.18 cgi binaries produce identical (correct) output

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Nov 28 09:00:01 2025 UTC