php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67250 iptcparse out-of-bounds read
Submitted: 2014-05-12 01:51 UTC Modified: 2014-05-14 00:18 UTC
From: stas@php.net Assigned: stas
Status: Closed Package: *General Issues
PHP Version: 5.4.28 OS: *
Private report: No CVE-ID:
 [2014-05-12 01:51 UTC] stas@php.net
Description:
------------
The code in iptcparse has insufficient bounds checking and can read past the end of the string. 

Test script:
---------------
iptcparse("\x1C\x02_\x80___");


Expected result:
----------------
no memory errors

Actual result:
--------------
==18573== Conditional jump or move depends on uninitialised value(s)
==18573==    at 0x787A2F: zif_iptcparse (iptc.c:340)
==18573==    by 0x8FA5E2: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==18573==    by 0x8EBE7F: execute_ex (zend_vm_execute.h:363)
==18573==    by 0x86A089: zend_eval_stringl (zend_execute_API.c:1187)
==18573==    by 0x86A168: zend_eval_stringl_ex (zend_execute_API.c:1234)
==18573==    by 0x928472: do_cli (php_cli.c:1034)
==18573==    by 0x928EB7: main (php_cli.c:1378)
==18573== 
==18573== Conditional jump or move depends on uninitialised value(s)
==18573==    at 0x787A33: zif_iptcparse (iptc.c:340)
==18573==    by 0x8FA5E2: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==18573==    by 0x8EBE7F: execute_ex (zend_vm_execute.h:363)
==18573==    by 0x86A089: zend_eval_stringl (zend_execute_API.c:1187)
==18573==    by 0x86A168: zend_eval_stringl_ex (zend_execute_API.c:1234)
==18573==    by 0x928472: do_cli (php_cli.c:1034)
==18573==    by 0x928EB7: main (php_cli.c:1378)


Patches

fix-iptcparse (last revision 2014-05-12 02:10 UTC) by stas@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-05-12 02:10 UTC] stas@php.net
The following patch has been added/updated:

Patch Name: fix-iptcparse
Revision:   1399860625
URL:        https://bugs.php.net/patch-display.php?bug=67250&patch=fix-iptcparse&revision=1399860625
 [2014-05-14 00:16 UTC] stas@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: stas
 [2014-05-14 00:16 UTC] stas@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2014-05-14 00:18 UTC] stas@php.net
-Type: Security +Type: Bug
 [2014-05-14 07:57 UTC] tyrael@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3e9cb6a4a5504c888f185a5ab7d1cc02cc359cbe
Log: Fix bug #67250 (iptcparse out-of-bounds read)
 [2014-05-18 17:19 UTC] dmitry@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3e9cb6a4a5504c888f185a5ab7d1cc02cc359cbe
Log: Fix bug #67250 (iptcparse out-of-bounds read)
 [2014-05-26 06:32 UTC] ab@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3e9cb6a4a5504c888f185a5ab7d1cc02cc359cbe
Log: Fix bug #67250 (iptcparse out-of-bounds read)
 [2014-05-26 06:50 UTC] ab@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3e9cb6a4a5504c888f185a5ab7d1cc02cc359cbe
Log: Fix bug #67250 (iptcparse out-of-bounds read)
 [2014-07-29 21:56 UTC] johannes@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d4b67896ecb248796a0493a9d6205b22c7dff4e2
Log: Fix bug #67250 (iptcparse out-of-bounds read)
 [2014-08-14 15:34 UTC] johannes@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d4b67896ecb248796a0493a9d6205b22c7dff4e2
Log: Fix bug #67250 (iptcparse out-of-bounds read)
 [2014-08-14 19:32 UTC] dmitry@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d4b67896ecb248796a0493a9d6205b22c7dff4e2
Log: Fix bug #67250 (iptcparse out-of-bounds read)
 [2014-10-07 23:14 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=d4b67896ecb248796a0493a9d6205b22c7dff4e2
Log: Fix bug #67250 (iptcparse out-of-bounds read)
 [2014-10-07 23:15 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=3e9cb6a4a5504c888f185a5ab7d1cc02cc359cbe
Log: Fix bug #67250 (iptcparse out-of-bounds read)
 [2014-10-07 23:25 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=d4b67896ecb248796a0493a9d6205b22c7dff4e2
Log: Fix bug #67250 (iptcparse out-of-bounds read)
 [2014-10-07 23:26 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=3e9cb6a4a5504c888f185a5ab7d1cc02cc359cbe
Log: Fix bug #67250 (iptcparse out-of-bounds read)
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Apr 23 05:01:47 2017 UTC