Bug #68893 Stackoverflow in datefmt_create
Submitted: 2015-01-23 17:04 UTC
Modified: 2015-03-08 08:18 UTC
From: fernando at null-life dot com
Assigned:
Status: Closed
Package: intl (PECL)
PHP Version: 5.6.5
OS: Linux
Private report: No
CVE-ID:
 [2015-01-23 17:04 UTC] fernando at null-life dot com
Description:
------------
Stack overflow when passing an invalid parameter to the datefmt_create function; the bug may actually reside in third-party code (libicu).

Test script:
---------------
<?php
$vals = datefmt_create("en_us", -10000000, 1);


Expected result:
----------------
Not to crash

Actual result:
--------------
Segfault

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6549bfc in _int_malloc () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff6549bfc in _int_malloc () from /usr/lib/libc.so.6
#1  0x00007ffff654c13e in malloc () from /usr/lib/libc.so.6
#2  0x00007fffeeadac39 in icu_54::UMemory::operator new(unsigned long) () from /usr/lib/libicuuc.so.54
#3  0x00007fffeeef06aa in icu_54::DateFormat::create(icu_54::DateFormat::EStyle, icu_54::DateFormat::EStyle, icu_54::Locale const&) () from /usr/lib/libicui18n.so.54
#4  0x00007fffeeefa92b in icu_54::RelativeDateFormat::RelativeDateFormat(UDateFormatStyle, UDateFormatStyle, icu_54::Locale const&, UErrorCode&) () from /usr/lib/libicui18n.so.54
#5  0x00007fffeeef06c8 in icu_54::DateFormat::create(icu_54::DateFormat::EStyle, icu_54::DateFormat::EStyle, icu_54::Locale const&) () from /usr/lib/libicui18n.so.54
#6  0x00007fffeeefa92b in icu_54::RelativeDateFormat::RelativeDateFormat(UDateFormatStyle, UDateFormatStyle, icu_54::Locale const&, UErrorCode&) () from /usr/lib/libicui18n.so.54
#7  0x00007fffeeef06c8 in icu_54::DateFormat::create(icu_54::DateFormat::EStyle, icu_54::DateFormat::EStyle, icu_54::Locale const&) () from /usr/lib/libicui18n.so.54
#8  0x00007fffeeefa92b in icu_54::RelativeDateFormat::RelativeDateFormat(UDateFormatStyle, UDateFormatStyle, icu_54::Locale const&, UErrorCode&) () from /usr/lib/libicui18n.so.54
#9  0x00007fffeeef06c8 in icu_54::DateFormat::create(icu_54::DateFormat::EStyle, icu_54::DateFormat::EStyle, icu_54::Locale const&) () from /usr/lib/libicui18n.so.54
#10 0x00007fffeeefa92b in icu_54::RelativeDateFormat::RelativeDateFormat(UDateFormatStyle, UDateFormatStyle, icu_54::Locale const&, UErrorCode&) () from /usr/lib/libicui18n.so.54


History

 [2015-03-03 11:01 UTC] demon@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: demon
 [2015-03-03 19:11 UTC] stas@php.net
The crash seems to be in ICU code, it may make sense to submit it upstream.
 [2015-03-08 08:18 UTC] demon@php.net
-Status: Assigned
+Status: Open
-Assigned To: demon
+Assigned To:
 [2016-04-08 10:32 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1541a55a4f9207c346a805c2b8d090f16d07f841
Log: Fixed bug #68893 Stackoverflow in datefmt_create
 [2016-04-08 10:32 UTC] ab@php.net
-Status: Open
+Status: Closed
 [2016-07-20 11:32 UTC] davey@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1541a55a4f9207c346a805c2b8d090f16d07f841
Log: Fixed bug #68893 Stackoverflow in datefmt_create
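
A caller-side guard for the condition reported above, as an added example that is not part of the original report or of php-src: it allow-lists the date and time style arguments against the IntlDateFormatter constants before calling datefmt_create, so an out-of-range value such as the -10000000 in the test script is rejected in PHP instead of reaching ICU. The helper names allowed_styles and safe_datefmt_create are hypothetical, and the code assumes PHP 7.1 or later with ext/intl loaded.

```php
<?php
// Added example: validate style arguments before they are handed to ICU.
// allowed_styles() and safe_datefmt_create() are hypothetical helper names,
// not functions provided by ext/intl.

function allowed_styles(): array
{
    // The documented style constants accepted for dateType and timeType.
    return [
        IntlDateFormatter::NONE,
        IntlDateFormatter::SHORT,
        IntlDateFormatter::MEDIUM,
        IntlDateFormatter::LONG,
        IntlDateFormatter::FULL,
    ];
}

function safe_datefmt_create(string $locale, $dateType, $timeType): IntlDateFormatter
{
    foreach (['dateType' => $dateType, 'timeType' => $timeType] as $name => $value) {
        // Strict comparison: numeric strings and floats are rejected, not coerced.
        if (!is_int($value) || !in_array($value, allowed_styles(), true)) {
            throw new InvalidArgumentException(
                "$name is not a known IntlDateFormatter style: " . var_export($value, true)
            );
        }
    }

    $fmt = datefmt_create($locale, $dateType, $timeType);
    if (!$fmt instanceof IntlDateFormatter) {
        throw new RuntimeException('datefmt_create failed: ' . intl_get_error_message());
    }
    return $fmt;
}

// Constructed inputs: a valid pair, then the pair from the report's test script.
$cases = [[IntlDateFormatter::MEDIUM, IntlDateFormatter::SHORT], [-10000000, 1]];
foreach ($cases as [$dateType, $timeType]) {
    try {
        $fmt = safe_datefmt_create('en_US', $dateType, $timeType);
        echo 'ok: ', $fmt->format(0), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The guard matters most where the style value comes from request data or configuration, since a segfault in the interpreter takes down the worker process rather than raising a catchable error.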
 
Last updated: Fri Apr 28 14:01:35 2017 UTC