php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54055 PHP crashes when executing strval when `precision' setting is very hig
Submitted: 2011-02-20 13:42 UTC Modified: 2011-02-21 07:54 UTC
From: mr_platelet+jin6vr at fastmail dot fm Assigned: cataphract
Status: Closed Package: Reproducible crash
PHP Version: 5.3.5 OS: Linux
Private report: No CVE-ID:
 [2011-02-20 13:42 UTC] mr_platelet+jin6vr at fastmail dot fm
Description:
------------
The script below crashes while executing strval.

Test script:
---------------
<?php
for($i = 500; $i <= 1074; $i++) {
  ini_set('precision', $i);
  print "$i\n";
  strval(pow(2, -1074));
}


Expected result:
----------------
I expect all the integers from 500
to 1074 to be printed, each on
a separate line.

Actual result:
--------------
This is the actual output of the script on
my system:

500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
Segmentation fault


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-20 13:49 UTC] mr_platelet+jin6vr at fastmail dot fm
Some extra information.  (1) When I ran the script,
I used PHP's "-n" switch.  (2) This is the "configure"
command I used when building PHP:

  --prefix=/usr/local/php/5.3.5 --disable-all --enable-bcmath
 [2011-02-21 07:53 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=308525
Log: - Fixed bug #54055 (buffer overrun with high values for precision ini
  setting).
#This fix (for g/G/k/H modes) is done at a different level than that for the
#modes e/E/f/F, at a bit higher level and therefore with less coverage. I
#chose this because it addresses the problem where it is -- the calling function
#that passes a buffer too small to php_gcvt.
 [2011-02-21 07:53 UTC] cataphract@php.net
Fixed by enforcing a max precision of 500.
 [2011-02-21 07:54 UTC] cataphract@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cataphract
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 18:01:53 2014 UTC