Bug #12154 GP Fault in Kernel32 if buffer too small in fgetcsv()
Submitted: 2001-07-13 18:26 UTC
Modified: 2001-10-30 11:51 UTC
From: ken dot gregg at rwre dot com
Assigned:
Status: Closed
Package: Reproducible crash
PHP Version: 4.0.6
OS: Win 95 SR2.1
Private report: No
CVE-ID: None
 [2001-07-13 18:26 UTC] ken dot gregg at rwre dot com
array = fgetcsv(fh, length[, delim]);

Documentation says length must be longer than the longest line including eol
chars. But it shouldn't gp fault.

Nice function. But it would sure be nice to not have to know the length of the 
longest line. This was a 75 mb file and it was 50% in that one line was 8K.

Easily reproduced. As soon as a line longer than the length parameter is 
encountered, immediate gp fault.

PHP caused an invalid page fault in
module KERNEL32.DLL at 016f:bff78769.
Registers:
EAX=06203538 CS=016f EIP=bff78769 EFLGS=00010202
EBX=0065eff8 SS=0177 ESP=0063f774 EBP=0063f7a8
ECX=39393120 DS=0177 ESI=0065e028 FS=ece7
EDX=2d2d2036 ES=0177 EDI=06204508 GS=0000
Bytes at CS:EIP:
89 51 08 8b 53 08 8b 43 04 8d 8b 0b 10 00 00 c1 
Stack dump:
0063f7a8 0065e030 00650000 0065c0b0 bff7994e 00650000 0065e028 00000fd0 
00000200 00654240 0065e818 0065dcf0 0065e028 0063f7f0 7800113d 00650000 

freebsd - php 4.0.2 core dumps on this also. php exits with message:
php in malloc() warning: modified (chunk-) pointer.
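
The behaviour the report asks for (a line longer than the supplied length must not fault) can be shown with a bounded line reader. This is an added example, not code from the report or from the PHP source, and the page does not show the cause of the crash in PHP 4.0.6; `read_line_bounded`, `scan_sample`, `struct tally` and the sample data are hypothetical names and constructed input.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not PHP source. Returns 1 = whole line in buf,
 * 0 = line longer than cap (truncated, rest drained), -1 = EOF or cap == 0. */
int read_line_bounded(FILE *fp, char *buf, size_t cap)
{
    size_t n = 0;
    int c, truncated = 0;
    if (cap == 0) return -1;
    while ((c = fgetc(fp)) != EOF && c != '\n') {
        if (n < cap - 1) buf[n++] = (char)c; /* store only while room remains */
        else truncated = 1;                  /* never write past buf[cap-1] */
    }
    if (c == EOF && n == 0 && !truncated) return -1;
    if (!truncated && n > 0 && buf[n - 1] == '\r') n--; /* CRLF ending */
    buf[n] = '\0';
    return truncated ? 0 : 1;
}

/* Constructed sample: the middle record is longer than a 16-byte buffer. */
static const char SAMPLE[] =
    "id,name\r\n"
    "1,aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\r\n"
    "2,bob\n";

struct tally { int whole, overlong, last_len; };
/* Scan SAMPLE through a cap-byte buffer (cap <= 64) and tally outcomes. */
struct tally scan_sample(size_t cap)
{
    struct tally t = {0, 0, -1};
    char buf[64];
    int r;
    FILE *fp;
    if (cap > sizeof buf || (fp = tmpfile()) == NULL) return t;
    fputs(SAMPLE, fp);
    rewind(fp);
    while ((r = read_line_bounded(fp, buf, cap)) != -1) {
        if (r == 1) { t.whole++; t.last_len = (int)strlen(buf); }
        else t.overlong++;
    }
    fclose(fp);
    return t;
}

int main(void)
{
    struct tally t = scan_sample(16);
    printf("whole=%d overlong=%d last_len=%d\n", t.whole, t.overlong, t.last_len);
    return 0;
}
```

Because the remainder of an over-long line is drained up to its newline, the next call starts at a record boundary and the caller can report the over-long record instead of parsing a fragment.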

 [2001-10-30 11:51 UTC] jmoore@php.net
Can't reproduce. Looks like it's been fixed to me; please reopen if it still occurs with the latest CVS version.

Cheers,

- James
 