php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #62082 Memory corruption in internal get_icu_disp_value_src_php() function
Submitted: 2012-05-20 20:15 UTC Modified: 2014-06-24 18:21 UTC
From: felipe@php.net Assigned: cataphract
Status: Closed Package: I18N and L10N related
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID:
 [2012-05-20 20:15 UTC] felipe@php.net
Description:
------------
See below:

Test script:
---------------
<?php

locale_get_display_name(str_repeat("a", 300), $x);

Actual result:
--------------
[Sun May 20 17:12:36 2012]  Script:  '/home/felipe/dev/bug.php'
---------------------------------------
/home/felipe/dev/php5_3/ext/intl/locale/locale_methods.c(579) : Block 0x015b18a0 status:
Invalid pointer: ((size=0x00000261) != (next.prev=0x61006100610061))
---------------------------------------
Segmentation fault


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-05-20 20:17 UTC] felipe@php.net
-Summary: Memory corruption in locale_get_display_name function +Summary: Memory corruption in internal get_icu_disp_value_src_php() function
 [2012-05-23 11:36 UTC] cataphract@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-05-23 11:36 UTC] cataphract@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cataphract
 [2014-10-07 23:25 UTC] stas@php.net
Automatic comment on behalf of cataphract
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=86ea921291cd637fd0a7ffb0183625a5ac60e1ee
Log: Fixed bug #62082
 [2014-10-07 23:36 UTC] stas@php.net
Automatic comment on behalf of cataphract
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=86ea921291cd637fd0a7ffb0183625a5ac60e1ee
Log: Fixed bug #62082
 
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sun Apr 19 03:01:59 2015 UTC