php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55797 Integer overflow in SdnToGregorian leads to segfault (in optimized builds)
Submitted: 2011-09-27 10:21 UTC Modified: 2011-09-27 10:22 UTC
From: cataphract@php.net Assigned: cataphract
Status: Closed Package: Date/time related
PHP Version: 5.3.8 OS: Linux/gcc
Private report: No CVE-ID:
 [2011-09-27 10:21 UTC] cataphract@php.net
Description:
------------
SdnToGregorian has an integer overflow error.

This has already been fixed; this report is for reference.

See also bug #53574.

Test script:
---------------
(x86)
php -r 'print_r(cal_from_jd(882858030, CAL_GREGORIAN));

(amd64)
php -r 'print_r(cal_from_jd(9223372036854743639, CAL_GREGORIAN));'

Expected result:
----------------
No segfault

Actual result:
--------------
Segfault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-09-27 10:22 UTC] cataphract@php.net
-Summary: Integer overflow leads to segfault in SdnToGregorian (in optimized builds) +Summary: Integer overflow in SdnToGregorian leads to segfault (in optimized builds) -Status: Open +Status: Closed -Assigned To: +Assigned To: cataphract
 [2011-09-27 10:57 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&revision=317387
Log: - Added tests and NEWS for r306475; see bug #55797.
- Removed now redundant previous overflow check, which relied on
  undefined behavior (wraparound) and was ignored in optimized builds.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 21:01:56 2014 UTC