php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #69258 addTask() doesn't type check or convert leading to crashes
Submitted: 2015-03-18 20:50 UTC Modified: 2017-01-10 08:25 UTC
From: max dot goldberg at gmail dot com Assigned:
Status: Suspended Package: gearman (PECL)
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2015-03-18 20:50 UTC] max dot goldberg at gmail dot com 
Description:
------------
addTask and the other five functions like it don't do any sort of type checking or conversion.

https://github.com/hjr3/pecl-gearman/blob/master/php_gearman.c#L2327

Using Z_STRVAL_P on a non-string can have unexpected results including segfaults. These functions should all probably be checking if Z_TYPE_P(zworkload) != IS_STRING) and throw a warning/return false or do implicit type conversion to strings.

Test script:
---------------
<?php

$gearman = new \GearmanClient();
$gearman->addServers('127.0.0.1:4730');
$gearman->addTask('crash', array('data' => 'overflow'));
$gearman->runTasks();

Expected result:
----------------
Warning: addTask() expects parameter 2 to be string, array given in X on line X

Actual result:
--------------
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 18446744073365895129 bytes) in /tmp/gearman.php on line 6

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-10 08:25 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-01-10 08:25 UTC] kalle@php.net 
The gearman extension have not had much activity in the past few years, so I'm taking the safe bet that this is no longer under active development (as I don't consider the typo fixes on the github repo an active development), besides that it also targets unsupported PHP versions. Please unsuspend this report in case it begins to blossom with life once more
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 12:01:30 2024 UTC