Bug #57575 Segmentation fault using FILTER_VALIDATE_INT
Submitted: 2007-03-15 18:44 UTC
Modified: 2012-03-08 11:13 UTC
From: rbotzer at yahoo dot com
Assigned: pajoye
Status: Closed
Package: filter (PECL)
PHP Version: 5.1.6
OS: CentOS 4.4 x86_64
Private report: No
CVE-ID: None
 [2007-03-15 18:44 UTC] rbotzer at yahoo dot com
Description:
------------
If I try to validate a variable that has a single space through FILTER_VALIDATE_INT it causes a segmentation fault.


Modules:
$ php -m
[PHP Modules]
apc
bz2
calendar
ctype
curl
date
dom
exif
filter
ftp
gettext
gmp
hash
iconv
json
libxml
mbstring
memcache
mime_magic
mysql
mysqli
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
posix
pspell
Reflection
session
shmop
SimpleXML
soap
sockets
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
wddx
xml
xmlreader
xmlwriter
xsl
zlib

[Zend Modules]


We're using the hardened-php patch 0.4.15.

Reproduce code:
---------------
<?php
$a = ' ';
$failed = false;
if (filter_var($a, FILTER_VALIDATE_INT) === false) $failed = true;
var_dump ($failed);
?>

Expected result:
----------------
I expected to see:

bool(false)

Actual result:
--------------
Segmentation fault

 [2007-03-15 18:48 UTC] rbotzer at yahoo dot com
The stack trace:
#0  0x0000002a9e1f73c4 in php_filter_int (value=0x552b19b8f8,
flags=33554432,
    option_array=0x0, charset=Variable "charset" is not available.
)
    at /usr/src/redhat/BUILD/filter-0.11.0/logical_filters.c:207
#1  0x0000002a9e1f504b in php_zval_filter (value=0x7fbfff7848,
filter=Variable "filter" is not available.
)
    at /usr/src/redhat/BUILD/filter-0.11.0/filter.c:321
#2  0x0000002a9e1f58d0 in php_filter_call (filtered=0x7fbfff7848,
filter=257,
    filter_args=Variable "filter_args" is not available.
) at /usr/src/redhat/BUILD/filter-0.11.0/filter.c:592
#3  0x0000002a9e1f60fa in zif_filter_var (ht=Variable "ht" is not available.
)
    at /usr/src/redhat/BUILD/filter-0.11.0/filter.c:715
#4  0x0000002a9a191a7d in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fbfff80a0)
    at /usr/src/redhat/BUILD/php-5.1.6/Zend/zend_vm_execute.h:200
#5  0x0000002a9a191381 in execute (op_array=0x552b199ba8)
    at /usr/src/redhat/BUILD/php-5.1.6/Zend/zend_vm_execute.h:92
#6  0x0000002a9a191663 in zend_do_fcall_common_helper_SPEC (
    execute_data=0x7fbfff9150)
    at /usr/src/redhat/BUILD/php-5.1.6/Zend/zend_vm_execute.h:234
#7  0x0000002a9a191381 in execute (op_array=0x552b1769f8)
    at /usr/src/redhat/BUILD/php-5.1.6/Zend/zend_vm_execute.h:92
#8  0x0000002a9a168037 in zend_call_function (fci=0x7fbfff9330,
fci_cache=Variable "fci_cache" is not available.
)
 [2007-03-15 19:24 UTC] rbotzer at yahoo dot com
It seems to work if the following patch is applied to filter_private.h

patch:
------
88a89
>       if(len > 0) { \
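Review bot: the `if(len > 0) { \` guard added at line 89 skips the macro body when len is zero, but nothing visible here sets a failure result for that case, so whatever follows the macro in the caller still runs. The trace above faults in php_filter_int at logical_filters.c:207, so the zero-length case should be rejected explicitly (return validation failure) rather than only skipped, and the reason len can be zero for the single-space input deserves a comment next to the guard.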
102a104
>  } \
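Review bot: the closing `} \` at line 104 is indented differently from the opening `if` at line 89, and the patch is a plain diff with no context lines or file header, so it applies only by line number against the exact filter-0.11.0 copy of filter_private.h. Regenerate it with diff -u so the macro being changed is visible, and include a regression test that uses the single-space input from the reproduce code.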
 [2007-05-15 16:28 UTC] davidc at agoraproduction dot com
This same example with php5.2.2 works for me.

deskboxen:~/development/p/pecl/filter davidcoallier$ php test1.php 
bool(true)
 [2007-05-16 04:14 UTC] bunnyq at gmail dot com
It seems to be fixed in php 5.2.1 already.
http://www.php.net/ChangeLog-5.php#5.2.1

Is the pecl filter package a bit earlier than the php bundled version?
 [2007-05-16 06:21 UTC] pierre dot php at gmail dot com
"This same example with php5.2.2 works for me."

Yes, it is fixed in CVS and php releases.

"Is the pecl filter package a bit earlier than the php bundled version?"

There is no pecl release containing this fix (and many others). A new release will be done asap.
 [2012-03-08 11:13 UTC] pajoye@php.net
-Status: Assigned +Status: Closed
 [2012-03-08 11:13 UTC] pajoye@php.net
Actually filter is now only maintained in core.
Last updated: Wed Feb 20 17:01:26 2019 UTC