|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
Patchesfile-upstream.patch (last revision 2014-07-30 12:00 UTC by remi@php.net)Pull RequestsHistoryAllCommentsChangesGit/SVN commits
[2014-07-30 12:00 UTC] remi@php.net
[2014-07-30 12:01 UTC] remi@php.net
-Assigned To:
+Assigned To: remi
[2014-07-30 12:01 UTC] remi@php.net
[2014-08-08 06:33 UTC] remi@php.net
[2014-08-11 07:31 UTC] remi@php.net
-CVE-ID:
+CVE-ID: 2014-3587
[2014-08-11 07:31 UTC] remi@php.net
[2014-08-15 00:11 UTC] stas@php.net
[2014-08-15 00:45 UTC] stas@php.net
-Status: Assigned
+Status: Closed
[2014-08-15 00:45 UTC] stas@php.net
[2014-08-15 04:58 UTC] dmitry@php.net
[2014-08-15 04:58 UTC] dmitry@php.net
[2014-08-19 08:34 UTC] stas@php.net
[2014-08-19 14:13 UTC] jpauli@php.net
[2014-08-27 03:17 UTC] tyrael@php.net
[2014-10-07 23:13 UTC] stas@php.net
[2014-10-07 23:13 UTC] stas@php.net
[2014-10-07 23:24 UTC] stas@php.net
[2014-10-07 23:24 UTC] stas@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Fri Oct 24 03:00:02 2025 UTC |
Description: ------------ During test patch for CVE-2012-1571, we discover another possible segfault in cd.c #0 0x00fcf2cd in cdf_read_property_info (sst=0xbfb7d9b0, h=0xbfb7ddfc, offs=167896768, info=0xbfb7d9f8, count=0xbfb7d9f4, maxcount=0xbfb7d938) at /usr/src/debug/php-5.3.3/ext/fileinfo/libmagic/cdf.c:776 776 inp[i].pi_type = CDF_TOLE4(q[0]); (gdb) p sst->sst_tab $1 = (void *) 0xa01e690 (gdb) p p $2 = (const uint32_t *) 0xa01e6c8 (gdb) p e $3 = (const uint32_t *) 0xa01e970 (gdb) p q $4 = (const uint32_t *) 0x201e6bf We have a 32bits pointer overflow.