php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #73391 Writing of floats can cause OOB reads
Submitted: 2016-10-26 13:56 UTC Modified: 2016-10-26 14:49 UTC
From: cmb@php.net Assigned: cmb (profile)
Status: Closed Package: dbase (PECL)
PHP Version: 5.6.27 OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: cmb@php.net
New email:
PHP Version: OS:

 

 [2016-10-26 13:56 UTC] cmb@php.net 
Description:
------------
The fix for bug #39305 introduced a potential OOB read, which
happens when floats are written whose string representation is
shorter than the specified field lenght.


Test script:
---------------
<?php

$db = dbase_create(
    __DIR__ . DIRECTORY_SEPARATOR . 'dbase-float.dbf',
    array(
        array('num', 'N', 10, 2)
    )
);

dbase_add_record($db, array(1.23));

dbase_close($db);


Expected result:
----------------
valgrind doesn't report any issues

Actual result:
--------------
valgrind reports invalid reads

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-10-26 13:56 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2016-10-26 14:09 UTC] cmb@php.net 
Automatic comment from SVN on behalf of cmb
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=340713
Log: Fix #73391: Writing of floats can cause OOB reads

Floats whose string representation is shorter than the specified field
length have to be filled with leading spaces.
 [2016-10-26 14:48 UTC] cmb@php.net 
Automatic comment from SVN on behalf of cmb
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=340714
Log: Merged revision(s) 340713 from pecl/dbase/branches/dbase-5.1:
Fix #73391: Writing of floats can cause OOB reads

Floats whose string representation is shorter than the specified field
length have to be filled with leading spaces.
........
 [2016-10-26 14:49 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 [2021-04-06 10:18 UTC] git@php.net 
Automatic comment on behalf of 
Revision: https://github.com/php/pecl-database-dbase/commit/b59ed143027d60da7c0582739f49b601fd7f4e28
Log: Merged revision(s) 340713 from pecl/dbase/branches/dbase-5.1:
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 13:01:31 2024 UTC