PHP :: Bug #9083 :: Buffer overflow in ext/standard/datetime.c

Bug #9083	Buffer overflow in ext/standard/datetime.c
Submitted:	2001-02-02 17:08 UTC	Modified:	2001-02-02 17:57 UTC
From:	jpdalbec at cc dot ysu dot edu	Assigned:
Status:	Closed	Package:	Reproducible Crash
PHP Version:	4.0.4pl1	OS:	Linux for S/390
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jpdalbec at cc dot ysu dot edu
New email:
PHP Version:		OS:

New Comment:

[2001-02-02 17:08 UTC] jpdalbec at cc dot ysu dot edu

At least on my system,
<? print(date('r')); ?>
crashes the web server process.
This is because it's trying to put a 32-byte string into a 16-byte buffer.
 static void
 php_date(INTERNAL_FUNCTION_PARAMETERS, int gm)
 {
         pval **format, **timestamp;
         time_t the_time;
         struct tm *ta, tmbuf;
         int i, size = 0, length, h, beat;
-        char tmp_buff[16];
+        char tmp_buff[32];
 
         switch(ZEND_NUM_ARGS()) {
         case 1:

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-02-02 17:22 UTC] elixer@php.net

This is fixed in CVS, please try snaps.php.net.

Sean

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed May 07 17:01:30 2025 UTC