Bug #57403 Memory Access Error
Submitted: 2006-11-28 08:49 UTC Modified: 2020-11-03 17:45 UTC
Votes:4
Avg. Score:3.5 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: adv at mdgrosse dot net Assigned:
Status: Suspended Package: POP3 (PECL)
PHP Version: 5.2.0 RC4 OS: Linux, RH ES 4
Private report: No CVE-ID: None
 [2006-11-28 08:49 UTC] adv at mdgrosse dot net
Description:
------------
I have a POP3 account with several 1000 mails. When I call pop3_get_message I occasionally get a memory access error.





Reproduce code:
---------------
I think the problem lies in the _pop3_fetch_message_part function. It can happen that the ending '\0' is written beyond the buffer.
Proposed solution: Reserve "size+1" bytes of memory.
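
The off-by-one described in the report above, as an added example that is not code from pop3.c or from the reporter: a growable receive buffer that reserves the slot for the terminating '\0' on every growth, not only at the first allocation. The `msgbuf` type, its functions and the use of `malloc`/`realloc` in place of the extension's `emalloc` are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; not taken from pop3.c. */
typedef struct {
    char  *data;
    size_t size;    /* bytes allocated */
    size_t length;  /* payload bytes stored, terminator not counted */
} msgbuf;

/* Invariant: length + 1 <= size, so data[length] can always hold '\0'. */
int msgbuf_init(msgbuf *b, size_t initial) {
    b->size = initial ? initial : 1;
    b->length = 0;
    if ((b->data = malloc(b->size)) == NULL) return -1;
    b->data[0] = '\0';
    return 0;
}

int msgbuf_append(msgbuf *b, const char *chunk, size_t n) {
    if (n >= (size_t)-1 - b->length) return -1;   /* length + n + 1 would wrap */
    size_t need = b->length + n + 1;              /* payload plus terminator */
    if (need > b->size) {
        size_t grown = b->size;
        while (grown < need)
            grown = (grown > (size_t)-1 / 2) ? need : grown * 2;
        char *p = realloc(b->data, grown);
        if (p == NULL) return -1;                 /* old buffer still valid */
        b->data = p;
        b->size = grown;
    }
    memcpy(b->data + b->length, chunk, n);
    b->length += n;
    b->data[b->length] = '\0';                    /* in bounds by the invariant */
    return 0;
}

/* Constructed input: two 1024-byte chunks fill a 2048-byte buffer exactly,
 * the case where a "length + n <= size" check leaves no room for '\0'. */
size_t demo_exact_fill(void) {
    msgbuf b; char chunk[1024]; size_t result = 0;
    memset(chunk, 'A', sizeof chunk);
    if (msgbuf_init(&b, 2048) != 0) return 0;
    if (msgbuf_append(&b, chunk, 1024) == 0 && msgbuf_append(&b, chunk, 1024) == 0
        && b.length == 2048 && b.data[2048] == '\0')
        result = b.size;  /* final allocation size, 0 on any failure */
    free(b.data);
    return result;
}
```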


 [2007-11-08 11:42 UTC] gk at gknw dot de
My POP3 account currently holds 3617 mails, and I get:
Mailbox message count: 3617
zend_mm_heap corrupted

I tried increasing the memory by one byte as you suggested, but still no go; I hope I did it at the right place - and that's what you mean??

--- pop3.c.orig	Mon Jul 25 23:47:04 2005
+++ pop3.c	Thu Nov 08 17:39:19 2007
@@ -172,8 +172,12 @@
 
 	intern = emalloc(sizeof(pop3_object));
 	intern->zo.ce = class_type;
+#if ZEND_MODULE_API_NO >= 20050922
+	intern->zo.guards = NULL;
+#else
 	intern->zo.in_get = 0;
 	intern->zo.in_set = 0;
+#endif /* ZEND_MODULE_API_NO >= 20050922 */
 	intern->zo.properties = NULL;
 	intern->ptr = NULL;
 
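Review bot: The `#if ZEND_MODULE_API_NO >= 20050922` block around `intern->zo.guards` is a build-compatibility change with no bearing on the buffer overrun this report describes, so it belongs in a separate patch with its own description. The bare `20050922` also needs a comment saying which change to the object struct it marks, since the hunk gives a reader no way to tell why `guards` replaces `in_get`/`in_set` at that value.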
@@ -750,7 +754,7 @@
 	}
 
 	size = 2048;
-	result = emalloc(size);
+	result = emalloc(size + 1);
 	length = 0;
 
 	do {
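Review bot: The `+ 1` at `result = emalloc(size + 1);` covers only the initial 2048-byte allocation, and the loop opening at `do {` is cut off by the hunk, so nothing here shows that the terminator slot survives once `length` grows. If that loop enlarges `result` based on `size`, the same extra byte has to be requested at every reallocation, or the terminating write should be guarded by an explicit check of `length` against the allocated size. A comment at the allocation stating that the extra byte is for the '\0' would keep the two in step.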
 [2020-11-03 17:45 UTC] cmb@php.net
-Status: Open +Status: Suspended
 [2020-11-03 17:45 UTC] cmb@php.net
The POP3 extension is unmaintained (it had its latest release 15
years ago).  Until a new maintainer steps up, I'm suspending this
ticket.
 