php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #67247 spl_fixedarray_resize integer overflow
Submitted: 2014-05-12 00:46 UTC Modified: -
From: stas@php.net Assigned:
Status: Closed Package: *General Issues
PHP Version: 5.4.28 OS: *
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: stas@php.net
New email:
PHP Version: OS:

 

 [2014-05-12 00:46 UTC] stas@php.net 
Description:
------------
SplFixedArray does not check given parameters for integer overflows when resizing.

Test script:
---------------
$ar = new SplFixedArray(1);
echo "size: ".$ar->getSize()."\n";
$ar->setSize(0x2000000000000001);  // or 0x40000001 for 32 bit
echo "size: ".$ar->getSize()."\n";


Expected result:
----------------
Integer overflow error

Actual result:
--------------
Can crash or produce valgrind error

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-05-12 01:58 UTC] stas@php.net 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2b475eebbea85779989e98e87753d6b023a1d131
Log: Fix bug #67247	spl_fixedarray_resize integer overflow
 [2014-05-12 01:58 UTC] stas@php.net
-Status: Open +Status: Closed
 [2014-05-12 09:03 UTC] ab@php.net 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2b475eebbea85779989e98e87753d6b023a1d131
Log: Fix bug #67247	spl_fixedarray_resize integer overflow
 [2014-05-13 11:25 UTC] dmitry@php.net 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2b475eebbea85779989e98e87753d6b023a1d131
Log: Fix bug #67247	spl_fixedarray_resize integer overflow
 [2014-05-14 07:57 UTC] tyrael@php.net 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2b475eebbea85779989e98e87753d6b023a1d131
Log: Fix bug #67247	spl_fixedarray_resize integer overflow
 [2014-05-26 06:33 UTC] ab@php.net 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2b475eebbea85779989e98e87753d6b023a1d131
Log: Fix bug #67247	spl_fixedarray_resize integer overflow
 [2014-07-29 21:56 UTC] johannes@php.net 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=84605098bc81517919ecb43935682fdd8a249f9d
Log: Fix bug #67247	spl_fixedarray_resize integer overflow
 [2014-08-14 15:34 UTC] johannes@php.net 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=84605098bc81517919ecb43935682fdd8a249f9d
Log: Fix bug #67247	spl_fixedarray_resize integer overflow
 [2014-08-14 19:32 UTC] dmitry@php.net 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=84605098bc81517919ecb43935682fdd8a249f9d
Log: Fix bug #67247	spl_fixedarray_resize integer overflow
 [2014-10-07 23:14 UTC] stas@php.net 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=84605098bc81517919ecb43935682fdd8a249f9d
Log: Fix bug #67247	spl_fixedarray_resize integer overflow
 [2014-10-07 23:15 UTC] stas@php.net 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=2b475eebbea85779989e98e87753d6b023a1d131
Log: Fix bug #67247	spl_fixedarray_resize integer overflow
 [2014-10-07 23:25 UTC] stas@php.net 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=84605098bc81517919ecb43935682fdd8a249f9d
Log: Fix bug #67247	spl_fixedarray_resize integer overflow
 [2014-10-07 23:26 UTC] stas@php.net 
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=2b475eebbea85779989e98e87753d6b023a1d131
Log: Fix bug #67247	spl_fixedarray_resize integer overflow
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sun Oct 27 16:01:27 2024 UTC