Bug #3027 error_log interprets % as printf formats and crashes
Submitted: 1999-12-22 14:49 UTC Modified: 2002-09-30 17:18 UTC
From: zot at zotconsulting dot com Assigned:
Status: Closed Package: Reproducible Crash
PHP Version: 3.0.12 OS: Linux, FreeBSD
Private report: No CVE-ID: None
 [1999-12-22 14:49 UTC] zot at zotconsulting dot com
error_log("'%eagle'");

produces in the Apache error_log:
[Wed Dec 22 11:28:26 1999] [error] '5.318473e-315agle'

other printf strings.  In a SQL statement of length it crashes repeatedly on any query that has a %e %f %g %h %n

My guess is error_log is taking from the next set of arguments, the values for %.  Thus it is causing a buffer overflow from time to time, though error_log("'%etttt'");  shows the same scientific number as eagle.

I have tested this under Redhat 6.0, Apache/1.3.9, PHP 3.0.12; FreeBSD with Apache/1.3.3, PHP 3.0.6; and Redhat 5.1, Red Hat Secure/2.0, PHP 3.0.8.

A '%%' prints % just fine.


I have added a note to the error_log page. 
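
The pattern the report describes, a caller's message reaching a printf-style logger as the format string, shown beside the fixed-format form. This is an added example, not code from this report or from PHP's source; `log_printf`, `log_message_vulnerable`, `log_message_safe` and `conversions_consuming_args` are hypothetical names, and the buffer-backed logger is an assumed stand-in for the server's log call.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style log API; writes to out, not a log file. */
static int log_printf(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable pattern: the message is used as the format string, so "%e"
 * makes vsnprintf read a double that was never passed (undefined behaviour). */
static int log_message_vulnerable(char *out, size_t n, const char *msg)
{
    return log_printf(out, n, msg);
}

/* Hardened pattern: fixed format, the message is only ever data. */
static int log_message_safe(char *out, size_t n, const char *msg)
{
    return log_printf(out, n, "%s", msg);
}

/* Audit helper: count '%' that start a conversion ("%%" is a literal percent). */
static int conversions_consuming_args(const char *msg)
{
    int count = 0;
    for (const char *p = msg; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    char buf[64];
    log_message_safe(buf, sizeof buf, "'%eagle'");          /* constructed input from the report */
    printf("safe:       %s\n", buf);
    log_message_vulnerable(buf, sizeof buf, "100%% done");  /* defined: "%%" consumes no argument */
    printf("vulnerable: %s\n", buf);
    printf("conversions in '%%eagle': %d\n", conversions_consuming_args("'%eagle'"));
    return 0;
}
```

The vulnerable path is only exercised with `%%`, which is well defined and shows the same collapse to a single `%` that the report observed.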

 [2002-09-30 17:18 UTC] hholzgra@php.net
can't reproduce in 4.2.3 apache module, 
and both 4.2.3 and 3.0.18 cgi binaries produce identical (correct) output
 
Last updated: Sat Apr 27 18:01:35 2024 UTC