PHP :: Bug #13612 :: Upload for files sometimes segfaults + patch

Bug #13612	Upload for files sometimes segfaults + patch
Submitted:	2001-10-09 10:06 UTC	Modified:	2001-10-09 10:16 UTC
From:	mw at sime dot com	Assigned:
Status:	Closed	Package:	HTTP related
PHP Version:	4.0.6	OS:	Linux tropica1 2.2.19ext3
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2001-10-09 10:06 UTC] mw at sime dot com

PHP crashes in rfc1867.c:173, because the variable "rem" is made smaller 2 bytes for every file upload input than it should. a hacky fix is to add the following line to the file rfc1867.c, around line 435:
  state = 0;
  rem -= (loc - ptr);
  ptr = loc;
+ rem = cnt - (buf - ptr);
  break;

but this is not enough imho. in line 173 it should be checked if "loc" is NULL.

I've a complete dump of the form-data and the apache environment, so contact me if you need further information.

Tested with PHP-4.0.6, Apache 1.3.12, Linux 2.2.19, IE 6.0 and NS 6.1

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-10-09 10:16 UTC] sniper@php.net

This should be fixed in CVS. (and in PHP 4.0.7RC3)
So please try the latest CVS snapshot from http://snaps.php.net/ and reopen this bug report if it doesn't work.

--Jani

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 23:01:29 2024 UTC