|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2015-02-07 07:36 UTC] mike@php.net
-Assigned To:
+Assigned To: mike
[2015-02-07 11:20 UTC] mike@php.net
[2015-02-07 11:20 UTC] mike@php.net
-Status: Assigned
+Status: Closed
[2015-02-07 11:27 UTC] mike@php.net
[2015-02-07 11:30 UTC] mike@php.net
[2015-02-08 20:44 UTC] mike@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sun Dec 22 11:01:30 2024 UTC |
Description: ------------ When passing a very long URL string to the http\Url constructor, very strange behaviour was observed. It seems like something is writing past the end of a buffer? The original observation from an actual application was that URLs with short query strings (< 200 characters) were behaving normally, URLs with medium-sized query strings had junk data in $url->query and URLs with large query strings (1000+ characters) had nothing in $url->query. Furthermore, the resulting object (with a URL containing more than 200 characters or so) exhibited strange behaviour: reading $url->path while within the same method that created the http\Url object was fine, but passing the object as a parameter to a different method would result in incorrect data being read. No errors or exceptions. I ran a quick test script, and it seems that there is a breakdown when the protocol + host + path + query component is longer than 192 characters. Playing around with the different URL parts gave me different results. Upgraded pecl_http to 2.2.0 from 2.1.4. This bug was NOT observed in 2.1.4. Built from PECL sources with libz 1.2.8, libcurl 7.38.0, libevent 2.0.21. Test script: --------------- for($i = 1; $i < 1000; $i++) { echo $i, "|", ($i + 24), PHP_EOL; $url = new \http\Url("http://www.example.com/?" . str_repeat("a", $i)); echo $url->query, PHP_EOL, PHP_EOL; } Expected result: ---------------- 1|25 a 2|26 aa ... snip ... 168|192 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 169|193 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ... snip ... 999|1023 a repeated 999 times Actual result: -------------- 1|25 a 2|26 aa ... snip ... 168|192 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 169|193 t.php <-- Note that this file is named 'bug-test.php', this is part of the file name ... snip ... 999|1023 t.php