Bug #57575 Segmentation fault using FILTER_VALIDATE_INT
Submitted: 2007-03-15 18:44 UTC Modified: 2012-03-08 11:13 UTC
From: rbotzer at yahoo dot com Assigned: pajoye (profile)
Status: Closed Package: filter (PECL)
PHP Version: 5.1.6 OS: CentOS 4.4 x86_64
Private report: No CVE-ID: None
 [2007-03-15 18:44 UTC] rbotzer at yahoo dot com
Description:
------------
If I try to validate a variable that has a single space through FILTER_VALIDATE_INT it causes a segmentation fault.


Modules:
$ php -m
[PHP Modules]
apc
bz2
calendar
ctype
curl
date
dom
exif
filter
ftp
gettext
gmp
hash
iconv
json
libxml
mbstring
memcache
mime_magic
mysql
mysqli
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
posix
pspell
Reflection
session
shmop
SimpleXML
soap
sockets
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
wddx
xml
xmlreader
xmlwriter
xsl
zlib

[Zend Modules]


We're using the hardened-php patch 0.4.15.

Reproduce code:
---------------
<?php
$a = ' ';
$failed = false;
if (filter_var($a, FILTER_VALIDATE_INT) === false) $failed = true;
var_dump ($failed);
?>

Expected result:
----------------
I expected to see:

bool(false)

Actual result:
--------------
Segmentation fault

 [2007-03-15 18:48 UTC] rbotzer at yahoo dot com
The stack trace:
#0  0x0000002a9e1f73c4 in php_filter_int (value=0x552b19b8f8,
flags=33554432,
    option_array=0x0, charset=Variable "charset" is not available.
)
    at /usr/src/redhat/BUILD/filter-0.11.0/logical_filters.c:207
#1  0x0000002a9e1f504b in php_zval_filter (value=0x7fbfff7848,
filter=Variable "filter" is not available.
)
    at /usr/src/redhat/BUILD/filter-0.11.0/filter.c:321
#2  0x0000002a9e1f58d0 in php_filter_call (filtered=0x7fbfff7848,
filter=257,
    filter_args=Variable "filter_args" is not available.
) at /usr/src/redhat/BUILD/filter-0.11.0/filter.c:592
#3  0x0000002a9e1f60fa in zif_filter_var (ht=Variable "ht" is not available.
)
    at /usr/src/redhat/BUILD/filter-0.11.0/filter.c:715
#4  0x0000002a9a191a7d in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fbfff80a0)
    at /usr/src/redhat/BUILD/php-5.1.6/Zend/zend_vm_execute.h:200
#5  0x0000002a9a191381 in execute (op_array=0x552b199ba8)
    at /usr/src/redhat/BUILD/php-5.1.6/Zend/zend_vm_execute.h:92
#6  0x0000002a9a191663 in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fbfff9150)
    at /usr/src/redhat/BUILD/php-5.1.6/Zend/zend_vm_execute.h:234
#7  0x0000002a9a191381 in execute (op_array=0x552b1769f8)
    at /usr/src/redhat/BUILD/php-5.1.6/Zend/zend_vm_execute.h:92
#8  0x0000002a9a168037 in zend_call_function (fci=0x7fbfff9330,
fci_cache=Variable "fci_cache" is not available.
)
 [2007-03-15 19:24 UTC] rbotzer at yahoo dot com
It seems to work if the following patch is applied to filter_private.h

patch:
------
88a89
>       if(len > 0) { \
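Review bot: The "if(len > 0)" guard added at line 89 only steps around the wrapped block when the value is empty; nothing visible in the patch records that the block was skipped, so whatever follows the macro at its call sites still runs on a zero-length string. Consider failing validation explicitly for the empty case instead, and add a test that uses the single-space input from this report.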
102a104
>  } \
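Review bot: The closing brace added at line 104 is indented differently from the opening "if" at line 89, and this context-free diff gives no way to confirm that it closes the intended block inside the macro. Please match the indentation and resend as a unified diff (diff -u) against filter_private.h so the surrounding lines are visible.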
 [2007-05-15 16:28 UTC] davidc at agoraproduction dot com
This same example with php5.2.2 works for me.

deskboxen:~/development/p/pecl/filter davidcoallier$ php test1.php 
bool(true)
 [2007-05-16 04:14 UTC] bunnyq at gmail dot com
It seems to be fixed in php 5.2.1 already.
http://www.php.net/ChangeLog-5.php#5.2.1

Is pecl filter package a bit earlier than php binded version?
 [2007-05-16 06:21 UTC] pierre dot php at gmail dot com
"This same example with php5.2.2 works for me."

Yes, it is fixed in CVS and php releases.

"Is pecl filter package a bit earlier than php binded version?"

There is no pecl release containing this fix (and many others). A new release will be done asap.
 [2012-03-08 11:13 UTC] pajoye@php.net
-Status: Assigned +Status: Closed
 [2012-03-08 11:13 UTC] pajoye@php.net
Actually filter is now only maintained in core.
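
A regression check for the crash reported in this thread, written here as an added example (it is not code from the report or from the filter package). It assumes a PHP 7.4+ CLI with proc_open enabled on a POSIX system; the inputs in CASES are constructed, with ' ' being the one from the report.

```php
<?php
// Added example, not code from the bug report or from the filter package.
// Each input is validated in a child PHP process, so a crash inside the
// extension shows up as a terminating signal instead of killing this runner.

// Constructed inputs => expected var_export() of filter_var()'s result.
const CASES = [
    ' '    => 'false',  // the input from this report
    ''     => 'false',
    "\t\n" => 'false',
    ' 42 ' => '42',     // surrounding whitespace is trimmed before parsing
];

function run_case(string $input): array
{
    $code = 'var_export(filter_var(stream_get_contents(STDIN), FILTER_VALIDATE_INT));';
    // Array form (PHP >= 7.4) starts the child without a shell, so the
    // status read below describes the PHP child itself, not a wrapper.
    $proc = proc_open([PHP_BINARY, '-r', $code], [0 => ['pipe', 'r'], 1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start child PHP process');
    }
    fwrite($pipes[0], $input);   // stdin keeps whitespace-only input intact
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    do {                         // wait for exit so signal info is available
        $status = proc_get_status($proc);
        if ($status['running']) {
            usleep(10000);
        }
    } while ($status['running']);
    proc_close($proc);
    return [$out, $status['signaled'] ? $status['termsig'] : null];
}

$failures = 0;
foreach (CASES as $input => $expected) {
    [$out, $signal] = run_case((string) $input);
    $ok = $signal === null && $out === $expected;
    $failures += $ok ? 0 : 1;
    printf("%-4s input=%s got=%s%s\n", $ok ? 'ok' : 'FAIL', json_encode((string) $input),
        $out === '' ? '(no output)' : $out, $signal === null ? '' : " signal=$signal");
}
exit($failures === 0 ? 0 : 1);
```

On a build with the defect described above, the ' ' case would be reported as FAIL with the terminating signal number (11 for SIGSEGV on Linux) while the remaining cases still run.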
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 20:01:29 2024 UTC