Bug #54055 PHP crashes when executing strval when `precision' setting is very hig
Submitted: 2011-02-20 13:42 UTC Modified: 2011-02-21 07:54 UTC
From: mr_platelet+jin6vr at fastmail dot fm Assigned: cataphract (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.3.5 OS: Linux
Private report: No CVE-ID: None

 [2011-02-20 13:42 UTC] mr_platelet+jin6vr at fastmail dot fm
Description:
------------
The script below crashes while executing strval.

Test script:
---------------
<?php
for($i = 500; $i <= 1074; $i++) {
  ini_set('precision', $i);
  print "$i\n";
  strval(pow(2, -1074));
}


Expected result:
----------------
I expect all the integers from 500
to 1074 to be printed, each on
a separate line.

Actual result:
--------------
This is the actual output of the script on
my system:

500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
Segmentation fault


 [2011-02-20 13:49 UTC] mr_platelet+jin6vr at fastmail dot fm
Some extra information.  (1) When I ran the script,
I used PHP's "-n" switch.  (2) This is the "configure"
command I used when building PHP:

  --prefix=/usr/local/php/5.3.5 --disable-all --enable-bcmath
 [2011-02-21 07:53 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&revision=308525
Log: - Fixed bug #54055 (buffer overrun with high values for precision ini
  setting).
#This fix (for g/G/k/H modes) is done at a different level than that for the
#modes e/E/f/F, at a bit higher level and therefore with less coverage. I
#chose this because it addresses the problem where it is -- the calling function
#that passes a buffer too small to php_gcvt.
 [2011-02-21 07:53 UTC] cataphract@php.net
Fixed by enforcing a max precision of 500.
 [2011-02-21 07:54 UTC] cataphract@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: cataphract
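
The fix comments above describe a caller passing php_gcvt a buffer too small for the requested precision, resolved by capping precision at 500. The following is an added C example of that caller-side guard, not PHP's source and not part of the original report; the function name, the buffer headroom and the use of snprintf's %G conversion are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PRECISION 500                  /* cap named in the fix comment on this page */
#define NUM_BUF_LEN   (MAX_PRECISION + 32) /* assumed headroom: sign, point, exponent, NUL */

/*
 * Hypothetical caller-side guard (illustrative name, not a PHP function).
 * Formats v in %G style into a fixed stack buffer, then copies it to out.
 * Returns the string length, or -1 if either buffer would be too small.
 */
int format_double_g(double v, int precision, char *out, size_t out_len)
{
    char buf[NUM_BUF_LEN];
    int n;

    /* Clamp first: the buffer is sized for MAX_PRECISION digits, so an
       unclamped, user-controlled precision must never reach the formatter. */
    if (precision < 1)
        precision = 1;
    if (precision > MAX_PRECISION)
        precision = MAX_PRECISION;

    /* snprintf is length-bounded; n >= sizeof buf means it truncated. */
    n = snprintf(buf, sizeof buf, "%.*G", precision, v);
    if (n < 0 || (size_t)n >= sizeof buf)
        return -1;
    if ((size_t)n >= out_len)
        return -1;

    memcpy(out, buf, (size_t)n + 1);   /* include the terminating NUL */
    return n;
}

int main(void)
{
    char out[NUM_BUF_LEN];
    /* Same value as the report's pow(2, -1074), with precisions from its loop range. */
    int a = format_double_g(0x1p-1074, 528, out, sizeof out);
    int b = format_double_g(0x1p-1074, 1074, out, sizeof out);
    printf("precision 528 -> %d chars, precision 1074 -> %d chars\n", a, b);
    return 0;
}
```

Both calls in main produce the same string, because any precision above the cap is reduced to 500 before the fixed-size buffer is written.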
 
Last updated: Sat Dec 07 06:01:24 2019 UTC