PHP :: Bug #61000 :: Exceeding max nesting level doesn't delete numerical vars

Bug #61000	Exceeding max nesting level doesn't delete numerical vars
Submitted:	2012-02-07 09:45 UTC	Modified:	2012-03-02 03:18 UTC
From:	cataphract@php.net	Assigned:	laruence (profile)
Status:	Closed	Package:	Scripting Engine problem
PHP Version:	trunk-SVN-2012-02-07 (snap)	OS:	Irrelevant
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	cataphract@php.net
New email:
PHP Version:		OS:

New Comment:

[2012-02-07 09:45 UTC] cataphract@php.net

Description:
------------
Exceeding the max nesting level doesn't delete numerical vars, while it deletes the non-numerical ones. php_register_variable_ex inappropriately uses zend_hash_del.

(Found out by Stefan Esser, who points this can be used, together with max_input_vars, to determine whether PHP is a 32-bit or 64-bit process)

Test script:
---------------
With max nesting level=2:

http://nebm.ist.utl.pt/phpinfo?1[a][]=foo&1[a][b][c]=bar



Expected result:
----------------
_GET is empty

Actual result:
--------------
_GET["1"] =
Array
(
    [a] => Array
        (
            [0] => foo
        )

)

Patches

bug61000.patch (last revision 2012-02-08 06:08 UTC by laruence@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-02-08 06:08 UTC] laruence@php.net

The following patch has been added/updated:

Patch Name: bug61000.patch
Revision:   1328681292
URL:        https://bugs.php.net/patch-display.php?bug=61000&patch=bug61000.patch&revision=1328681292

[2012-02-08 06:10 UTC] laruence@php.net

I am wondering that was there a disscussion about how to fix this? seems replace 
zend_hash_del with zend_symbol_del will solve this issue. 

since it is so suspicious(seems too easy), so I attached my fix.

<laruence> I was wondering is there already a discussion about how to fix it ?  
if not, I think zend_symbol_del will works
<Rasmus> I think Catahract already had a fix, didn't he?
<Rasmus> it was probably just that though

thanks

[2012-02-08 14:07 UTC] laruence@php.net

Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=323123
Log: Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars).

[2012-02-08 14:10 UTC] laruence@php.net

-Assigned To: +Assigned To: laruence

[2012-02-08 14:10 UTC] laruence@php.net

fixed in 5.3, trunk. will close this when I commit to 5.4 after 5.4 release. 
thanks

[2012-03-02 03:17 UTC] laruence@php.net

Automatic comment from SVN on behalf of laruence
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=323769
Log: MFH: Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars)

[2012-03-02 03:18 UTC] laruence@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

[2012-03-02 03:18 UTC] laruence@php.net

-Status: Assigned +Status: Closed

[2012-04-18 09:45 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=59cbf74b7454188c356495a8446fc9e100a03144
Log: MFH: Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars)

[2012-04-18 09:46 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6672171672044c6967492a2c2c094b648f8690e1
Log: Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars).

[2012-07-24 23:37 UTC] rasmus@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=59cbf74b7454188c356495a8446fc9e100a03144
Log: MFH: Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars)

[2012-07-24 23:37 UTC] rasmus@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6672171672044c6967492a2c2c094b648f8690e1
Log: Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars).

[2013-11-17 09:33 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=59cbf74b7454188c356495a8446fc9e100a03144
Log: MFH: Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars)

[2013-11-17 09:33 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6672171672044c6967492a2c2c094b648f8690e1
Log: Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars).

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 12:01:29 2024 UTC