|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69258 addTask() doesn't type check or convert leading to crashes
Submitted: 2015-03-18 20:50 UTC Modified: 2017-01-10 08:25 UTC
From: max dot goldberg at gmail dot com Assigned:
Status: Suspended Package: gearman (PECL)
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2015-03-18 20:50 UTC] max dot goldberg at gmail dot com
addTask and the other five functions like it don't do any sort of type checking or conversion.

Using Z_STRVAL_P on a non-string can have unexpected results including segfaults. These functions should all probably be checking if Z_TYPE_P(zworkload) != IS_STRING) and throw a warning/return false or do implicit type conversion to strings.

Test script:

$gearman = new \GearmanClient();
$gearman->addTask('crash', array('data' => 'overflow'));

Expected result:
Warning: addTask() expects parameter 2 to be string, array given in X on line X

Actual result:
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 18446744073365895129 bytes) in /tmp/gearman.php on line 6


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-10 08:25 UTC]
-Status: Open +Status: Suspended
 [2017-01-10 08:25 UTC]
The gearman extension have not had much activity in the past few years, so I'm taking the safe bet that this is no longer under active development (as I don't consider the typo fixes on the github repo an active development), besides that it also targets unsupported PHP versions. Please unsuspend this report in case it begins to blossom with life once more
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Apr 20 23:01:28 2024 UTC