php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58844 http_date strange behavior and crash
Submitted: 2009-08-31 09:44 UTC Modified: 2009-12-30 10:06 UTC
From: michal dot kocarek at brainbox dot cz Assigned: mike (profile)
Status: Closed Package: pecl_http (PECL)
PHP Version: 5_3 CVS-2009-08-31 (dev) OS: Windows XP Pro SP3 (x86 VC9)
Private report: No CVE-ID: None
 [2009-08-31 09:44 UTC] michal dot kocarek at brainbox dot cz
Description:
------------
http_date() has strange behavior when receives some numbers:

no argument:      OK:   actual time
NULL:             ERR:  same as when 0 is passed (should be same as when no argument is passed)
-∞ ? -2:          ERR:  invalid date (should be date before 1970) or program crash at big numbers (should fail gracefully)
-1:               ERR:  actual time (should be 1970 - 1 sec.)
0 ? PHP_INT_MAX:  OK
PHP_INT_MAX ? +∞: ERR:  program crash


I can create a PHP testcase for it if interested.

Reproduce code:
---------------
<?
function eh($num) {
	echo '> '.gettype($num).' '.$num.': '; echo http_date($num)."\r\n";
}

eh(1000); eh(2); eh(1); eh(0); eh(-1); eh(-2);

echo "today:\r\n";
eh(null); eh(time());
echo '> without argument: '.http_date()."\r\n"; // Test for no argument

echo "PHP_INT_MAX:\r\n";
eh(PHP_INT_MAX);
eh(PHP_INT_MAX+1); /* CRASH HERE */
echo "negative time():\r\n";
eh(-time()); /* CRASH HERE */
?>

Expected result:
----------------
> integer 1000: Thu, 01 Jan 1970 00:16:40 GMT
> integer 2: Thu, 01 Jan 1970 00:00:02 GMT
> integer 1: Thu, 01 Jan 1970 00:00:01 GMT
> integer 0: Thu, 01 Jan 1970 00:00:00 GMT
> integer -1: Mon, 31 Aug 2009 13:22:15 GMT
> integer -2: Thu, 01 Jan 1970 00:00:-2 GMT
today:
> NULL : Thu, 01 Jan 1970 00:00:00 GMT
> integer 1251724935: Mon, 31 Aug 2009 13:22:15 GMT
> without argument: Mon, 31 Aug 2009 13:22:15 GMT
PHP_INT_MAX:
> integer 2147483647: Tue, 19 Jan 2038 03:14:07 GMT
> double 2147483648: ***CRASH HERE***
negative time():
> integer -1251724940: ***CRASH HERE***

Actual result:
--------------
> integer 1000: Thu, 01 Jan 1970 00:16:40 GMT
> integer 2: Thu, 01 Jan 1970 00:00:02 GMT
> integer 1: Thu, 01 Jan 1970 00:00:01 GMT
> integer 0: Thu, 01 Jan 1970 00:00:00 GMT
> integer -1: Wed, 31 Dec 1969 23:59:59 GMT
> integer -2: Wed, 31 Dec 1969 23:59:58 GMT
today:
> NULL : (TODAY?s DATETIME)
> integer 1251724935: Mon, 31 Aug 2009 13:22:15 GMT
> without argument: (TODAY?s DATETIME)
PHP_INT_MAX:
> integer 2147483647: Tue, 19 Jan 2038 03:14:07 GMT
> double 2147483648: ***CRASH HERE***
negative time():
> integer -1251724940: ***CRASH HERE***

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-09-02 03:06 UTC] mike@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

Seems to be a Windows-only problem.
 [2009-09-03 09:48 UTC] michal dot kocarek at brainbox dot cz
CALLSTACK for following commands:
<?
$n = PHP_INT_MAX+1;
http_date($n);
?>

>	msvcr90d.dll!strlen(unsigned char * buf=0x01390040)  Line 81	Asm
 	php5_debug.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * execute_data=0x013c0090)  Line 313 + 0x74 bytes	C
 	php5_debug.dll!ZEND_DO_FCALL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data=0x013c0090)  Line 1602	C
 	php5_debug.dll!execute(_zend_op_array * op_array=0x01390738)  Line 104 + 0xe bytes	C
 	php5_debug.dll!zend_execute_scripts(int type=8, _zval_struct * * retval=0x00000000, int file_count=3, ...)  Line 1188 + 0xe bytes	C
 	php5_debug.dll!php_execute_script(_zend_file_handle * primary_file=0x00c2ff10)  Line 2196 + 0x17 bytes	C
 	php.exe!main(int argc=5, char * * argv=0x00392b30)  Line 1188 + 0xc bytes	C
 	php.exe!__tmainCRTStartup()  Line 582 + 0x19 bytes	C
 	php.exe!mainCRTStartup()  Line 399	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x23 bytes
 [2009-09-03 09:50 UTC] michal dot kocarek at brainbox dot cz
CALLSTACK for following commands:
<?
$n = -time();
http_date($n);
?>

 	msvcr90d.dll!strlen(unsigned char * buf=0x01390040)  Line 81	Asm
>	php5_debug.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * execute_data=0x013c0090)  Line 313 + 0x74 bytes	C
 	php5_debug.dll!ZEND_DO_FCALL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data=0x013c0090)  Line 1602	C
 	php5_debug.dll!execute(_zend_op_array * op_array=0x01390738)  Line 104 + 0xe bytes	C
 	php5_debug.dll!zend_execute_scripts(int type=8, _zval_struct * * retval=0x00000000, int file_count=3, ...)  Line 1188 + 0xe bytes	C
 	php5_debug.dll!php_execute_script(_zend_file_handle * primary_file=0x00c2ff10)  Line 2196 + 0x17 bytes	C
 	php.exe!main(int argc=5, char * * argv=0x00392b30)  Line 1188 + 0xc bytes	C
 	php.exe!__tmainCRTStartup()  Line 582 + 0x19 bytes	C
 	php.exe!mainCRTStartup()  Line 399	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x23 bytes
 [2009-12-30 10:06 UTC] mike@php.net
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.


 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Oct 18 21:03:39 2021 UTC