|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #3291 SAPI_POST_READER_FUNC(...) & erealloc(...) work incorrect
Submitted: 2000-01-24 05:37 UTC Modified: 2000-04-01 13:18 UTC
From: anton at concord dot ru Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 4.0 Beta 3 OS: WinNT 4.0+SP 4+IIS 4.0
Private report: No CVE-ID: None
 [2000-01-24 05:37 UTC] anton at concord dot ru
Part two of report bug number #3041:

"I can confirm identical behaviour on my NT box with the cgi version of
4.0b3, however the ISAPI version hangs even with very small graphic files
(eg 1K). After the hang, the php isapi module cannot be used without
stopping and starting iis."

I localized this bug.

function from SAPI.c call erealloc(...) function in cycle to increase buffer size for readed post data and return pointer to new empty portion. On first step of cycle all ok, on second step all ok, but on third step of cycle pointer to buffer (pointer returned by erealloc(...) function) for readed data was changed on size greater then total_read_bytes+SAPI_POST_BLOCK_SIZE+1 and 

sapi_module.read_post(SG(request_info).post_data+total_read_bytes, SAPI_POST_BLOCK_SIZE SLS_CC) 


Anton Kalmykov.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2000-03-17 05:42 UTC] andi at cvs dot php dot net
Can you please check and see if you still encounter this problem.
 [2000-04-01 13:18 UTC] andi at cvs dot php dot net
Should be fixed in latest CVS.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Mar 07 16:01:23 2021 UTC