php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68893 Stackoverflow in datefmt_create
Submitted: 2015-01-23 17:04 UTC Modified: 2015-03-08 08:18 UTC
From: fernando at null-life dot com Assigned:
Status: Closed Package: intl (PECL)
PHP Version: 5.6.5 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: fernando at null-life dot com
New email:
PHP Version: OS:

 

 [2015-01-23 17:04 UTC] fernando at null-life dot com
Description:
------------
stackoverflow when passing invalid parameter to datefmt_create function, bug may actually reside in third party code (libicu)

Test script:
---------------
$vals = datefmt_create("en_us", -10000000, 1  );


Expected result:
----------------
Not to crash

Actual result:
--------------
Segfault

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6549bfc in _int_malloc () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff6549bfc in _int_malloc () from /usr/lib/libc.so.6
#1  0x00007ffff654c13e in malloc () from /usr/lib/libc.so.6
#2  0x00007fffeeadac39 in icu_54::UMemory::operator new(unsigned long) () from /usr/lib/libicuuc.so.54
#3  0x00007fffeeef06aa in icu_54::DateFormat::create(icu_54::DateFormat::EStyle, icu_54::DateFormat::EStyle, icu_54::Locale const&) () from /usr/lib/libicui18n.so.54
#4  0x00007fffeeefa92b in icu_54::RelativeDateFormat::RelativeDateFormat(UDateFormatStyle, UDateFormatStyle, icu_54::Locale const&, UErrorCode&) () from /usr/lib/libicui18n.so.54
#5  0x00007fffeeef06c8 in icu_54::DateFormat::create(icu_54::DateFormat::EStyle, icu_54::DateFormat::EStyle, icu_54::Locale const&) () from /usr/lib/libicui18n.so.54
#6  0x00007fffeeefa92b in icu_54::RelativeDateFormat::RelativeDateFormat(UDateFormatStyle, UDateFormatStyle, icu_54::Locale const&, UErrorCode&) () from /usr/lib/libicui18n.so.54
#7  0x00007fffeeef06c8 in icu_54::DateFormat::create(icu_54::DateFormat::EStyle, icu_54::DateFormat::EStyle, icu_54::Locale const&) () from /usr/lib/libicui18n.so.54
#8  0x00007fffeeefa92b in icu_54::RelativeDateFormat::RelativeDateFormat(UDateFormatStyle, UDateFormatStyle, icu_54::Locale const&, UErrorCode&) () from /usr/lib/libicui18n.so.54
#9  0x00007fffeeef06c8 in icu_54::DateFormat::create(icu_54::DateFormat::EStyle, icu_54::DateFormat::EStyle, icu_54::Locale const&) () from /usr/lib/libicui18n.so.54
#10 0x00007fffeeefa92b in icu_54::RelativeDateFormat::RelativeDateFormat(UDateFormatStyle, UDateFormatStyle, icu_54::Locale const&, UErrorCode&) () from /usr/lib/libicui18n.so.54


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-03-03 11:01 UTC] demon@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: demon
 [2015-03-03 19:11 UTC] stas@php.net
The crash seems to be in ICU code, it may make sense to submit it upstream.
 [2015-03-08 08:18 UTC] demon@php.net
-Status: Assigned +Status: Open -Assigned To: demon +Assigned To:
 [2016-04-08 10:32 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1541a55a4f9207c346a805c2b8d090f16d07f841
Log: Fixed bug #68893 Stackoverflow in datefmt_create
 [2016-04-08 10:32 UTC] ab@php.net
-Status: Open +Status: Closed
 [2016-07-20 11:32 UTC] davey@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1541a55a4f9207c346a805c2b8d090f16d07f841
Log: Fixed bug #68893 Stackoverflow in datefmt_create
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Nov 06 01:01:30 2024 UTC