|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63890 Spoofchecker::isSuspicious crash on error variable
Submitted: 2013-01-03 00:57 UTC Modified: 2018-04-30 14:27 UTC
From: max at cxsecurity dot com Assigned: ab (profile)
Status: Closed Package: intl (PECL)
PHP Version: 5.4.10 OS: FreeBSD 9.1
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: max at cxsecurity dot com
New email:
PHP Version: OS:


 [2013-01-03 00:57 UTC] max at cxsecurity dot com
Spoofchecker::isSuspicious — Checks if a given text contains any suspicious 
public bool Spoofchecker::isSuspicious ( string $text [, string &$error ] )
This function is currently not documented; only its argument list is available.

cx@cx32:/test$ php c0poc.php 10000

cx@cx32:/test$ php c0poc.php 90000

Segmentation fault (core dumped)
cx@cx32:/test$ gdb /cxsecurity/php/54/bin/php

(gdb) r /test/c0poc.php 90000
Starting program: /cxsecurity/php/54/bin/php /test/c0poc.php 90000

Program received signal SIGSEGV, Segmentation fault.
0x08305230 in zend_hash_destroy (ht=0x92408e0)
    at /cxsecurity/php/54/Zend/zend_hash.c:560
560				ht->pDestructor(q->pData);

(gdb) r -v
PHP 5.4.10 (cli) (built: Jan  3 2013 00:08:09) 
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
[Inferior 1 (process 7500) exited normally]

Test script:

\$nx = new Spoofchecker();



Expected result:
cx@cx32:/test$ php c0poc.php 90000

Actual result:
cx@cx32:/test$ php c0poc.php 90000

Segmentation fault (core dumped)


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2016-04-09 17:17 UTC]
-Status: Open +Status: Verified
 [2016-04-09 17:17 UTC]
A quick check shows that it is still relevant for PHP 5 but is not reproduceable in PHP 7.

 [2018-04-30 14:27 UTC]
-Status: Verified +Status: Closed -Assigned To: +Assigned To: ab
 [2018-04-30 14:27 UTC]
Closing as it's not relevant anymore.

PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sun Oct 01 13:01:24 2023 UTC