php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #38493 xmlrpc_encode_request(666, array()) crashes php
Submitted: 2006-08-18 10:02 UTC Modified: 2006-08-18 10:20 UTC
From: giunta dot gaetano at sea-aeroportimilano dot it Assigned:
Status: Closed Package: XMLRPC-EPI related
PHP Version: 4.4.4 OS: windows 2000
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: giunta dot gaetano at sea-aeroportimilano dot it
New email:
PHP Version: OS:

 

 [2006-08-18 10:02 UTC] giunta dot gaetano at sea-aeroportimilano dot it 
Description:
------------
xmlrpc_encode_request(666, array()) brings apache and php down in flames.

I know that a user would better not use this, but instead
xmlrpc_encode_request('666', array()), but
- the xmlrpc spec allows method names to be made of numbers only
- php is weakly typed
- a php error msg would be better than a php crash anyway

BTW: the bug is on line 674 of xmlrpc-epi.php.c (as of 4.4.3), where the zval string value is used without proper checking for its type first. Afaict a cast to string before using the value would fix it.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-08-18 10:20 UTC] giunta dot gaetano at sea-aeroportimilano dot it 
DOH, I was offline this week while doing some testing of the xmlrpc extension. Just peeked into CVS and found out that the bug has already been fixed by Antony - but without an entry in the 444/514 changelog...
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 08:01:30 2024 UTC