php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57416 Buffer overflow in runkit_method_rename()
Submitted: 2006-12-05 12:06 UTC Modified: 2013-02-26 04:31 UTC
From: anter at voliacable dot com Assigned: pollita (profile)
Status: Closed Package: runkit (PECL)
PHP Version: 5.1.6 OS: Windows XP Pro SP2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
4 - 3 = ?
Subscribe to this entry?

 
 [2006-12-05 12:06 UTC] anter at voliacable dot com
Description:
------------
When the third parameter of runkit_method_rename() is more than 14 symbols, crash of Apache is possible.

It is a pity, that you give not enough time on runkit. The matter is that this extension is of great importance for PHP. Runkit allows to realize support of Aspect-Oriented Programming. I hope, you will be interested with this application of your work, and you can give it to little bit more time.

Reproduce code:
---------------
function getClassMethods($class)
{
    $methods = array();
    $class = new ReflectionClass($class);
    foreach ($class->getMethods() as $method) {
        array_push($methods, $method->getName());
    }
    return $methods;
}

class Ancestor
{
    public function __construct(){}
}

class Descendant extends Ancestor
{
    public function someMethod(){}
}

class AnotherDescendant extends Ancestor
{
    public function anotherMethod(){}
}

runkit_method_rename('Descendant', '__construct', 'abcdefghmnoprst');
print_r(getClassMethods('Descendant'));
print_r(getClassMethods('AnotherDescendant'));

Expected result:
----------------
Array
(
    [0] => someMethod
    [1] => abcdefghmnoprst
)
Array
(
    [0] => anotherMethod
    [1] => abcdefghmnoprst
)

Actual result:
--------------
Array
(
    [0] => someMethod
    [1] => abcdefghmnoprst
)
Array
(
    [0] => anotherMethod
    [1] => [abracadabra or crash of Apache]
)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-02-26 04:31 UTC] pollita@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: pollita
 [2013-02-26 04:31 UTC] pollita@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

This seems to have been resolved by earlier fixes (apart from your expected 
output not being quite right since AnotherAncestor should remain unaffected), so 
I'd try a newer git revision.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon Aug 08 06:07:28 2022 UTC