php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57416 Buffer overflow in runkit_method_rename()
Submitted: 2006-12-05 12:06 UTC Modified: 2013-02-26 04:31 UTC
From: anter at voliacable dot com Assigned: pollita (profile)
Status: Closed Package: runkit (PECL)
PHP Version: 5.1.6 OS: Windows XP Pro SP2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: anter at voliacable dot com
New email:
PHP Version: OS:

 

 [2006-12-05 12:06 UTC] anter at voliacable dot com
Description:
------------
When the third parameter of runkit_method_rename() is more than 14 symbols, crash of Apache is possible.

It is a pity, that you give not enough time on runkit. The matter is that this extension is of great importance for PHP. Runkit allows to realize support of Aspect-Oriented Programming. I hope, you will be interested with this application of your work, and you can give it to little bit more time.

Reproduce code:
---------------
function getClassMethods($class)
{
    $methods = array();
    $class = new ReflectionClass($class);
    foreach ($class->getMethods() as $method) {
        array_push($methods, $method->getName());
    }
    return $methods;
}

class Ancestor
{
    public function __construct(){}
}

class Descendant extends Ancestor
{
    public function someMethod(){}
}

class AnotherDescendant extends Ancestor
{
    public function anotherMethod(){}
}

runkit_method_rename('Descendant', '__construct', 'abcdefghmnoprst');
print_r(getClassMethods('Descendant'));
print_r(getClassMethods('AnotherDescendant'));

Expected result:
----------------
Array
(
    [0] => someMethod
    [1] => abcdefghmnoprst
)
Array
(
    [0] => anotherMethod
    [1] => abcdefghmnoprst
)

Actual result:
--------------
Array
(
    [0] => someMethod
    [1] => abcdefghmnoprst
)
Array
(
    [0] => anotherMethod
    [1] => [abracadabra or crash of Apache]
)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-02-26 04:31 UTC] pollita@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: pollita
 [2013-02-26 04:31 UTC] pollita@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

This seems to have been resolved by earlier fixes (apart from your expected 
output not being quite right since AnotherAncestor should remain unaffected), so 
I'd try a newer git revision.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun May 16 10:01:24 2021 UTC