php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #68664 out of bounds write / invalid operation
Submitted: 2014-12-28 03:44 UTC Modified: 2014-12-30 08:26 UTC
From: honey at internot dot info Assigned:
Status: Not a bug Package: *General Issues
PHP Version: master-Git-2014-12-28 (Git) OS: Linux Ubuntu 14.04
Private report: No CVE-ID: None
View Developer Edit
 [2014-12-28 03:44 UTC] honey at internot dot info 
Description:
------------
Hi,

In /ext/standard/formatted_print.c:

158        while (magn > 0 && i > 0);

Should it be "> 0) {"?


  
158        while (magn > 0 && i > 0);
 
159        if (neg) {

160                numbuf[--i] = '-';



Thanks,

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-30 08:18 UTC] stas@php.net
-Status: Open +Status: Not a bug -Type: Security +Type: Bug
 [2014-12-30 08:18 UTC] stas@php.net 
while() is part of do/while construct, so it can not be "> 0) {". In theory, it can happen that i goes down to 0, in practice due to NUM_BUF_SIZE being 500, i starts with 499, which means magn should be at least 10^500 for this to happen, or occupy about 1661 bits. Since magn is defined as long and no known system where PHP runs has longs of this size, this does not seem to be a real issue. We could probably change the condition to i > 1 just to be nicer but I see no real issue there.
 [2014-12-30 08:26 UTC] honey at internot dot info 
Hi,

The real question/problem I had with this was the semicolon used with the "while" loop.

I've never seen a statement like that. Is it correct?

I actually realized this wasn't a sec. bug earlier today, and I thought I had responded, but I must have forgotton to put the password, so my reply didn't go through.

Thanks,
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Dec 15 17:00:02 2025 UTC