|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2005-12-15 23:15 UTC] tony2001@php.net
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Tue Nov 04 11:00:01 2025 UTC |
Description: ------------ Weird stuff going on with pack(). pack("A*", $float) makes the process go in to a endless loop (if you turn off memory limit), and kills the apache-thread (and probably server too if it's a slow one), trying to allocate ~1GB memory. It's important to check all user-inputs to the pack()-function as it might hang the server for a while. From the PHP-doc: "Also note that PHP internally stores integer values as signed values of a machine dependent size. If you give it an unsigned integer value too large to be stored that way it is converted to a float which often yields an undesired result." (Including php-version 5.1.1) Reproduce code: --------------- <?php echo pack( "A*", 1.0 ); ?> FATAL: emalloc(): Unable to allocate 1072693249 bytes <?php echo strlen( pack( "A*", (int) "heh" )); // Returns 3 all though we cast an integer to it? ?> Expected result: ---------------- A fatal error on emalloc() that's unable to allocate an machine dependent amount of memory.