php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60337 bcscale related problem on 64bits platforms
Submitted: 2011-11-19 12:35 UTC Modified: 2011-11-19 12:48 UTC
From: shm@php.net Assigned: shm (profile)
Status: Closed Package: BC math related
PHP Version: trunk-SVN-2011-11-19 (SVN) OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: shm@php.net
New email:
PHP Version: OS:

 

 [2011-11-19 12:35 UTC] shm@php.net
Description:
------------
bcscale uses long typed variable to store scale passed further to bclib calls. Unfortunately bclib uses int type for scale parameter, thus large long numbers (which uses 8 bytes on 64 bits platforms) could be casted to negative number and cause memory corruption as a result of pointer arithmetic with scale param.

Test script:
---------------
<?php
$var48 = bcscale(634314234334311);
$var67 = bcsqrt(false);
$var414 = bcadd(false,null,10);
die('ALIVE');
?>

Expected result:
----------------
ALIVE

Actual result:
--------------
$ php
<?php
$var48 = bcscale(634314234334311);
$var67 = bcsqrt(false);
$var414 = bcadd(false,null,10);
die('ALIVE');
?>^D
Segmentation fault: 11 (core dumped)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-11-19 12:36 UTC] shm@php.net
-Assigned To: +Assigned To: shm
 [2011-11-19 12:46 UTC] shm@php.net
Automatic comment from SVN on behalf of shm
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=319546
Log: - Fixed bug #60337 bcscale related crashed on 64bits platforms
 [2011-11-19 12:48 UTC] shm@php.net
fixed in svn
 [2011-11-19 12:48 UTC] shm@php.net
-Status: Assigned +Status: Closed
 [2012-04-18 09:47 UTC] laruence@php.net
Automatic comment on behalf of shm
Revision: http://git.php.net/?p=php-src.git;a=commit;h=63b8ff76198e886133d28987d49dc1358629e814
Log: - Fixed bug #60337 bcscale related crashed on 64bits platforms
 [2012-07-24 23:38 UTC] rasmus@php.net
Automatic comment on behalf of shm
Revision: http://git.php.net/?p=php-src.git;a=commit;h=63b8ff76198e886133d28987d49dc1358629e814
Log: - Fixed bug #60337 bcscale related crashed on 64bits platforms
 [2013-11-17 09:35 UTC] laruence@php.net
Automatic comment on behalf of shm
Revision: http://git.php.net/?p=php-src.git;a=commit;h=63b8ff76198e886133d28987d49dc1358629e814
Log: - Fixed bug #60337 bcscale related crashed on 64bits platforms
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Nov 17 01:01:35 2019 UTC