php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67251 date_parse_from_format out-of-bounds read
Submitted: 2014-05-12 02:14 UTC Modified: 2014-05-14 00:17 UTC
From: stas@php.net Assigned: stas
Status: Closed Package: *General Issues
PHP Version: 5.4.28 OS: *
Private report: No CVE-ID:
 [2014-05-12 02:14 UTC] stas@php.net
Description:
------------
Date parsing routines do not check for string length when parsing the format with \.

Test script:
---------------
date_parse_from_format("\\","AAAABBBB");


Expected result:
----------------
no valgrind errors

Actual result:
--------------
==31573== Conditional jump or move depends on uninitialised value(s)
==31573==    at 0x450EE1: timelib_parse_from_format (parse_date.re:1890)
==31573==    by 0x44896C: zif_date_parse_from_format (php_date.c:3014)
==31573==    by 0x8FA5E2: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==31573==    by 0x8EBE7F: execute_ex (zend_vm_execute.h:363)
==31573==    by 0x86A089: zend_eval_stringl (zend_execute_API.c:1187)
==31573==    by 0x86A168: zend_eval_stringl_ex (zend_execute_API.c:1234)
==31573==    by 0x928472: do_cli (php_cli.c:1034)
==31573==    by 0x928EB7: main (php_cli.c:1378)
==31573== 
==31573== Conditional jump or move depends on uninitialised value(s)
==31573==    at 0x450F09: timelib_parse_from_format (parse_date.re:2132)
==31573==    by 0x44896C: zif_date_parse_from_format (php_date.c:3014)
==31573==    by 0x8FA5E2: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==31573==    by 0x8EBE7F: execute_ex (zend_vm_execute.h:363)
==31573==    by 0x86A089: zend_eval_stringl (zend_execute_API.c:1187)
==31573==    by 0x86A168: zend_eval_stringl_ex (zend_execute_API.c:1234)
==31573==    by 0x928472: do_cli (php_cli.c:1034)
==31573==    by 0x928EB7: main (php_cli.c:1378)
==31573== 
==31573== Conditional jump or move depends on uninitialised value(s)
==31573==    at 0x450F0D: timelib_parse_from_format (parse_date.re:2135)
==31573==    by 0x44896C: zif_date_parse_from_format (php_date.c:3014)
==31573==    by 0x8FA5E2: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==31573==    by 0x8EBE7F: execute_ex (zend_vm_execute.h:363)
==31573==    by 0x86A089: zend_eval_stringl (zend_execute_API.c:1187)
==31573==    by 0x86A168: zend_eval_stringl_ex (zend_execute_API.c:1234)
==31573==    by 0x928472: do_cli (php_cli.c:1034)
==31573==    by 0x928EB7: main (php_cli.c:1378)


Patches

fix-dateparse (last revision 2014-05-12 02:35 UTC) by stas@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-05-12 02:35 UTC] stas@php.net
The following patch has been added/updated:

Patch Name: fix-dateparse
Revision:   1399862101
URL:        https://bugs.php.net/patch-display.php?bug=67251&patch=fix-dateparse&revision=1399862101
 [2014-05-14 00:16 UTC] stas@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: stas
 [2014-05-14 00:16 UTC] stas@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2014-05-14 00:17 UTC] stas@php.net
-Type: Security +Type: Bug
 [2014-05-14 07:57 UTC] tyrael@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a80849250162d89b674f7e65144e463e107b8cd
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-05-18 17:18 UTC] dmitry@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a80849250162d89b674f7e65144e463e107b8cd
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-05-26 06:32 UTC] ab@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a80849250162d89b674f7e65144e463e107b8cd
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-05-26 06:50 UTC] ab@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0a80849250162d89b674f7e65144e463e107b8cd
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-07-29 21:57 UTC] johannes@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3c328f09840c58698cedd6bbd30bdc8a24f5b41f
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-08-14 15:34 UTC] johannes@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3c328f09840c58698cedd6bbd30bdc8a24f5b41f
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-08-14 19:32 UTC] dmitry@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=3c328f09840c58698cedd6bbd30bdc8a24f5b41f
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-10-07 23:14 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=3c328f09840c58698cedd6bbd30bdc8a24f5b41f
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-10-07 23:15 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=0a80849250162d89b674f7e65144e463e107b8cd
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-10-07 23:25 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=3c328f09840c58698cedd6bbd30bdc8a24f5b41f
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 [2014-10-07 23:26 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=0a80849250162d89b674f7e65144e463e107b8cd
Log: Fix bug #67251 - date_parse_from_format out-of-bounds read
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Feb 26 14:01:37 2017 UTC