php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Sec Bug #68663 out of bounds read in crc32
Submitted: 2014-12-28 03:40 UTC Modified: 2014-12-30 08:05 UTC
From: honey at internot dot info Assigned:
Status: Not a bug Package: *General Issues
PHP Version: master-Git-2014-12-28 (Git) OS: Linux Ubuntu 14.04
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: honey at internot dot info
New email:
PHP Version: OS:

 

 [2014-12-28 03:40 UTC] honey at internot dot info 
Description:
------------
Hi,

In /ext/phar/phar.c, there is an explicit buffer overread:

2365                                memcpy(&(local.crc32), &(desc.crc32), 12);

But in ext/phar/pharzip.h:

41        char crc32[4];    


Thanks,

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-30 08:05 UTC] stas@php.net
-Status: Open +Status: Not a bug
 [2014-12-30 08:05 UTC] stas@php.net 
This looks like a case of harmless optimization - the memcpy copies three structures (crc32, compsize, uncompsize) in one set.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Dec 26 14:01:30 2024 UTC