php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54174 Buffer disclosure in case a fatal error occurs
Submitted: 2011-03-06 15:34 UTC Modified: 2011-03-06 16:05 UTC
From: neweracracker at gmail dot com Assigned:
Status: Duplicate Package: Output Control
PHP Version: 5.3.5 OS: Windows
Private report: No CVE-ID: None
 [2011-03-06 15:34 UTC] neweracracker at gmail dot com
Description:
------------
If a fatal error occurs buffer contents are disclosured.

Test script:
---------------
<?php
set_time_limit(1);
ob_start();
echo "You shouldn't see this!";
sleep(2); //comment this and you won't see the line above in output ;)
ob_end_clean();
?>

Expected result:
----------------
I expected not seeing "You shouldn't see this!" and just the fatal error

Actual result:
--------------
I see "You shouldn't see this!" and the fatal error

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-03-06 15:45 UTC] neweracracker at gmail dot com
I am using php.ini-development as my php.ini to reproduce this bug.
 [2011-03-06 16:05 UTC] felipe@php.net
-Status: Open +Status: Duplicate
 [2011-03-06 16:05 UTC] felipe@php.net
Duplicated of #54114
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 19:01:30 2024 UTC