php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67251 date_parse_from_format out-of-bounds read
Submitted: 2014-05-12 02:14 UTC Modified: 2014-05-14 00:17 UTC
From: stas@php.net Assigned: stas (profile)
Status: Closed Package: *General Issues
PHP Version: 5.4.28 OS: *
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: stas@php.net
New email:
PHP Version: OS:

 

 [2014-05-12 02:14 UTC] stas@php.net
Description:
------------
Date parsing routines do not check for string length when parsing the format with \.

Test script:
---------------
date_parse_from_format("\\","AAAABBBB");


Expected result:
----------------
no valgrind errors

Actual result:
--------------
==31573== Conditional jump or move depends on uninitialised value(s)
==31573==    at 0x450EE1: timelib_parse_from_format (parse_date.re:1890)
==31573==    by 0x44896C: zif_date_parse_from_format (php_date.c:3014)
==31573==    by 0x8FA5E2: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==31573==    by 0x8EBE7F: execute_ex (zend_vm_execute.h:363)
==31573==    by 0x86A089: zend_eval_stringl (zend_execute_API.c:1187)
==31573==    by 0x86A168: zend_eval_stringl_ex (zend_execute_API.c:1234)
==31573==    by 0x928472: do_cli (php_cli.c:1034)
==31573==    by 0x928EB7: main (php_cli.c:1378)
==31573== 
==31573== Conditional jump or move depends on uninitialised value(s)
==31573==    at 0x450F09: timelib_parse_from_format (parse_date.re:2132)
==31573==    by 0x44896C: zif_date_parse_from_format (php_date.c:3014)
==31573==    by 0x8FA5E2: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==31573==    by 0x8EBE7F: execute_ex (zend_vm_execute.h:363)
==31573==    by 0x86A089: zend_eval_stringl (zend_execute_API.c:1187)
==31573==    by 0x86A168: zend_eval_stringl_ex (zend_execute_API.c:1234)
==31573==    by 0x928472: do_cli (php_cli.c:1034)
==31573==    by 0x928EB7: main (php_cli.c:1378)
==31573== 
==31573== Conditional jump or move depends on uninitialised value(s)
==31573==    at 0x450F0D: timelib_parse_from_format (parse_date.re:2135)
==31573==    by 0x44896C: zif_date_parse_from_format (php_date.c:3014)
==31573==    by 0x8FA5E2: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==31573==    by 0x8EBE7F: execute_ex (zend_vm_execute.h:363)
==31573==    by 0x86A089: zend_eval_stringl (zend_execute_API.c:1187)
==31573==    by 0x86A168: zend_eval_stringl_ex (zend_execute_API.c:1234)
==31573==    by 0x928472: do_cli (php_cli.c:1034)
==31573==    by 0x928EB7: main (php_cli.c:1378)


Patches

fix-dateparse (last revision 2014-05-12 02:35 UTC by stas@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-05-12 02:35 UTC] stas@php.net
The following patch has been added/updated:

Patch Name: fix-dateparse
Revision:   1399862101
URL:        https://bugs.php.net/patch-display.php?bug=67251&patch=fix-dateparse&revision=1399862101
 [2014-05-14 00:16 UTC] stas@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: stas
 [2014-05-14 00:16 UTC] stas@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2014-05-14 00:17 UTC] stas@php.net
-Type: Security +Type: Bug
 [2014-05-14 07:57 UTC] tyrael@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a80849250162d89b674f7e65144e463e107b8cd
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-05-18 17:18 UTC] dmitry@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a80849250162d89b674f7e65144e463e107b8cd
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-05-26 06:32 UTC] ab@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a80849250162d89b674f7e65144e463e107b8cd
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-05-26 06:50 UTC] ab@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a80849250162d89b674f7e65144e463e107b8cd
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-07-29 21:57 UTC] johannes@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3c328f09840c58698cedd6bbd30bdc8a24f5b41f
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-08-14 15:34 UTC] johannes@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3c328f09840c58698cedd6bbd30bdc8a24f5b41f
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-08-14 19:32 UTC] dmitry@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3c328f09840c58698cedd6bbd30bdc8a24f5b41f
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-10-07 23:14 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=3c328f09840c58698cedd6bbd30bdc8a24f5b41f
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-10-07 23:15 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=0a80849250162d89b674f7e65144e463e107b8cd
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-10-07 23:25 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=3c328f09840c58698cedd6bbd30bdc8a24f5b41f
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-10-07 23:26 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=0a80849250162d89b674f7e65144e463e107b8cd
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 13:01:29 2024 UTC