|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2008-07-21 16:03 UTC] jani@php.net
[2008-09-14 05:15 UTC] iliaa@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Oct 25 23:00:01 2025 UTC |
Description: ------------ Using my fuzzer, I found a bug in levenshtein() function with random arguments. The crash occurs in: #0 0x08297319 in reference_levdist (s1=0x85486f8 "�3[W\217�W\221�", l1=9, s2=0x2a <Address 0x2a out of bounds>, l2=2, cost_ins=42, cost_rep=0, cost_del=42) at /home/haypo/php-5.2.6/ext/standard/levenshtein.c:54 #1 0x08297bee in zif_levenshtein (ht=5, return_value=0x8548680, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at /home/haypo/php-5.2.6/ext/standard/levenshtein.c:112 #2 0x083452b5 in zend_do_fcall_common_helper_SPEC (execute_data=0xbfddb6a0) at /home/haypo/php-5.2.6/Zend/zend_vm_execute.h:200 #3 0x0834ac85 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbfddb6a0) at /home/haypo/php-5.2.6/Zend/zend_vm_execute.h:1679 #4 0x08344e05 in execute (op_array=0x85480b0) at /home/haypo/php-5.2.6/Zend/zend_vm_execute.h:92 #5 0x0831fd69 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /home/haypo/php-5.2.6/Zend/zend.c:1134 #6 0x082cb708 in php_execute_script (primary_file=0xbfddda20) at /home/haypo/php-5.2.6/main/main.c:2005 The bug may comes from "s2=0x2a <Address 0x2a out of bounds>" error. Reproduce code: --------------- <?php $a = 42; levenshtein("test", &$a, &$a, null, &$a); ?>