php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #68663 out of bounds read in crc32
Submitted: 2014-12-28 03:40 UTC Modified: 2014-12-30 08:05 UTC
From: honey at internot dot info Assigned:
Status: Not a bug Package: *General Issues
PHP Version: master-Git-2014-12-28 (Git) OS: Linux Ubuntu 14.04
Private report: No CVE-ID: None
 [2014-12-28 03:40 UTC] honey at internot dot info
Description:
------------
Hi,

In /ext/phar/phar.c, there is an explicit buffer overread:

2365                                memcpy(&(local.crc32), &(desc.crc32), 12);

But in ext/phar/pharzip.h:

41        char crc32[4];    


Thanks,


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-30 08:05 UTC] stas@php.net
-Status: Open +Status: Not a bug
 [2014-12-30 08:05 UTC] stas@php.net
This looks like a case of harmless optimization - the memcpy copies three structures (crc32, compsize, uncompsize) in one set.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 14 06:01:27 2024 UTC