php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45226 xmlrpc_set_type() segfaults with valid ISO8601 date string
Submitted: 2008-06-10 05:12 UTC Modified: 2008-09-10 00:10 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: bmn at bmn dot name Assigned:
Status: Closed Package: XMLRPC-EPI related
PHP Version: 5.2.6 OS: *
Private report: No CVE-ID:
 [2008-06-10 05:12 UTC] bmn at bmn dot name
Description:
------------
PHP crashes when trying to call xmlrpc_set_type with a correctly formatted ISO8601 datetime string from the date() function. 

Note that if you specify a datetime string without the +/-00:00, it will work.
If you specify the timezome information (as the constant DATE_ISO8601 does), php will crash.


Reproduce code:
---------------
// this code breaks
$d = date(DATE_ISO8601);
xmlrpc_set_type($d, 'datetime');
echo xmlrpc_encode_request('method.call', array('date' => $d));


//working code
$d = '2008-01-01 20:00:00';
xmlrpc_set_type($d, 'datetime');
echo xmlrpc_encode_request('method.call', array('date' => $d));

Expected result:
----------------
<methodCall>
<methodName>method.call</methodName>
<params>
 <param>
  <value>
   <struct>
    <member>
     <name>date</name>
     <value>
      <dateTime.iso8601>20080101T20:00:00</dateTime.iso8601>
     </value>
    </member>
   </struct>
  </value>
 </param>
</params>
</methodCall>

Actual result:
--------------
*** stack smashing detected ***: php terminated
Aborted (core dumped)




Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-09-09 15:17 UTC] ndeschildre at gmail dot com
Patch found on the original xmlrpc-epi lib:

http://xmlrpc-epi.cvs.sourceforge.net/xmlrpc-epi/xmlrpc/src/xmlrpc.c?r1=1.31&r2=1.32
 [2008-09-10 00:10 UTC] felipe@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2.7, 5.3, HEAD.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 20:01:57 2014 UTC