PHP :: Sec Bug #68663 :: out of bounds read in crc32

Sec Bug #68663	out of bounds read in crc32
Submitted:	2014-12-28 03:40 UTC	Modified:	2014-12-30 08:05 UTC
From:	honey at internot dot info	Assigned:
Status:	Not a bug	Package:	*General Issues
PHP Version:	master-Git-2014-12-28 (Git)	OS:	Linux Ubuntu 14.04
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2014-12-28 03:40 UTC] honey at internot dot info

Description:
------------
Hi,

In /ext/phar/phar.c, there is an explicit buffer overread:

2365                                memcpy(&(local.crc32), &(desc.crc32), 12);

But in ext/phar/pharzip.h:

41        char crc32[4];    


Thanks,

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-12-30 08:05 UTC] stas@php.net

-Status: Open +Status: Not a bug

[2014-12-30 08:05 UTC] stas@php.net

This looks like a case of harmless optimization - the memcpy copies three structures (crc32, compsize, uncompsize) in one set.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri May 03 17:01:32 2024 UTC