Bug #69258 addTask() doesn't type check or convert leading to crashes
Submitted: 2015-03-18 20:50 UTC
Modified: 2017-01-10 08:25 UTC
From: max dot goldberg at gmail dot com
Assigned:
Status: Suspended
Package: gearman (PECL)
PHP Version: Irrelevant
OS: Linux
Private report: No
CVE-ID: None
 [2015-03-18 20:50 UTC] max dot goldberg at gmail dot com
Description:
------------
addTask and the other five functions like it don't do any sort of type checking or conversion.

https://github.com/hjr3/pecl-gearman/blob/master/php_gearman.c#L2327

Using Z_STRVAL_P on a non-string can have unexpected results including segfaults. These functions should all probably be checking if (Z_TYPE_P(zworkload) != IS_STRING) and throw a warning/return false or do implicit type conversion to strings.

Test script:
---------------
<?php

$gearman = new \GearmanClient();
$gearman->addServers('127.0.0.1:4730');
$gearman->addTask('crash', array('data' => 'overflow'));
$gearman->runTasks();

Expected result:
----------------
Warning: addTask() expects parameter 2 to be string, array given in X on line X

Actual result:
--------------
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 18446744073365895129 bytes) in /tmp/gearman.php on line 6
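
The check requested in the report above, as an added example on a simplified model (this is not code from the gearman extension or from PHP): `value`, `V_STRVAL`/`V_STRLEN`, `get_workload` and `demo` are hypothetical stand-ins for a zval, Z_STRVAL_P/Z_STRLEN_P and the workload handling in addTask(), and the sample inputs are constructed.

```c
#include <stdio.h>
/* Simplified stand-in for a PHP zval: a type tag plus a payload union. */
typedef enum { T_LONG, T_STRING, T_ARRAY } vtype;
typedef struct {
    vtype type;
    union {
        long lval;
        struct { const char *val; size_t len; } str;
        void *arr;                  /* opaque hash table pointer */
    } u;
} value;

/* Like Z_STRVAL_P / Z_STRLEN_P: read the union without checking the tag.
 * On a T_ARRAY value "val" aliases the table pointer and "len" is no length. */
#define V_STRVAL(v) ((v)->u.str.val)
#define V_STRLEN(v) ((v)->u.str.len)
/* Hypothetical workload extractor: returns the length and sets *out,
 * or warns and returns -1 so the caller can return false. */
long get_workload(const value *v, const char **out, char *scratch, size_t sz)
{
    int n;
    switch (v->type) {
    case T_STRING:                  /* only case where the macros are valid */
        *out = V_STRVAL(v);
        return (long)V_STRLEN(v);
    case T_LONG:                    /* implicit scalar-to-string conversion */
        n = snprintf(scratch, sz, "%ld", v->u.lval);
        if (n < 0 || (size_t)n >= sz) return -1;
        *out = scratch;
        return n;
    default:                        /* array: refuse instead of dereferencing */
        fprintf(stderr, "Warning: workload must be a string, array given\n");
        return -1;
    }
}

/* Constructed inputs: build one value of type t and run it through the check. */
long demo(vtype t)
{
    static int fake_table;          /* stands in for a hash table */
    char scratch[32];
    const char *p = NULL;
    value v = { t, { 0 } };
    if (t == T_STRING) { v.u.str.val = "overflow"; v.u.str.len = 8; }
    else if (t == T_LONG) v.u.lval = 4730;
    else v.u.arr = &fake_table;
    return get_workload(&v, &p, scratch, sizeof scratch);
}
int main(void) { printf("%ld %ld %ld\n", demo(T_STRING), demo(T_LONG), demo(T_ARRAY)); return 0; }
```

In the extension the same decision would be made on Z_TYPE_P(zworkload) before any use of Z_STRVAL_P, as the report suggests.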


 [2017-01-10 08:25 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-01-10 08:25 UTC] kalle@php.net
The gearman extension has not had much activity in the past few years, so I'm taking the safe bet that this is no longer under active development (as I don't consider the typo fixes on the GitHub repo active development); besides that, it also targets unsupported PHP versions. Please unsuspend this report in case it begins to blossom with life once more.
 