|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31479 chunk_split() segfaults with too high chunklen
Submitted: 2005-01-10 22:57 UTC Modified: 2005-01-18 16:49 UTC
Avg. Score:3.8 ± 1.6
Reproduced:4 of 5 (80.0%)
Same Version:3 (75.0%)
Same OS:4 (100.0%)
From: gz at moonky dot de Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 4CVS, 5CVS (2005-01-11) OS: *
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: gz at moonky dot de
New email:
PHP Version: OS:


 [2005-01-10 22:57 UTC] gz at moonky dot de
chunk_split() segfaults when chunklen is too big (possible dos?)

Reproduce code:
chunk_split(".", 1000000000);

Expected result:
ehrrm... ;-)

Actual result:
(gdb) bt
#0  0xb7d79cef in memcpy () from /lib/tls/
#1  0x080e6c21 in php_chunk_split (src=0x81f4afc "", srclen=1, end=0x8180d20 "\r\n", endlen=2, chunklen=1000000000, 
    destlen=0xbfffd544) at /home/moonky/src/php-4.3.9/ext/standard/string.c:1521
#2  0x080e6f98 in zif_chunk_split (ht=2, return_value=0x81ef874, this_ptr=0x0, return_value_used=0)
    at /home/moonky/src/php-4.3.9/ext/standard/string.c:1582


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-01-18 16:49 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon May 27 01:01:32 2024 UTC