PHP :: Sec Bug #65266 :: heap corruption in xml parser

Sec Bug #65266	heap corruption in xml parser
Submitted:	2013-07-16 05:14 UTC	Modified:	2013-07-16 05:22 UTC
From:	aserbulov at parallels dot com	Assigned:
Status:	Duplicate	Package:	*XML functions
PHP Version:	5.4.17	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	aserbulov at parallels dot com
New email:
PHP Version:		OS:

New Comment:

[2013-07-16 05:14 UTC] aserbulov at parallels dot com

Description:
------------
Bug https://bugs.php.net/bug.php?id=65236 is actual for PHP 5.4.17

Badly formed XML might corrupt the heap.

Test script:
---------------
<?php
xml_parse_into_struct(xml_parser_create_ns(), str_repeat("<blah>", 1000), $a);

Expected result:
----------------
Warning: xml_parse_into_struct(): Maximum depth exceeded - Results truncated

Actual result:
--------------
heap corruption

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-07-16 05:22 UTC] pajoye@php.net

-Status: Open +Status: Duplicate

[2013-07-16 05:22 UTC] pajoye@php.net

duplicate of #65236 and already fixed in 5.3 branch, 5.4 and 5.5 will follow 
shortly.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Dec 27 10:01:28 2024 UTC