Bug #69258 addTask() doesn't type check or convert leading to crashes
Submitted: 2015-03-18 20:50 UTC
Modified: 2017-01-10 08:25 UTC
From: max dot goldberg at gmail dot com
Assigned:
Status: Suspended
Package: gearman (PECL)
PHP Version: Irrelevant
OS: Linux
Private report: No
CVE-ID: None

 [2015-03-18 20:50 UTC] max dot goldberg at gmail dot com
Description:
------------
addTask and the other five functions like it don't do any sort of type checking or conversion.

https://github.com/hjr3/pecl-gearman/blob/master/php_gearman.c#L2327

Using Z_STRVAL_P on a non-string can have unexpected results, including segfaults. These functions should all probably be checking if (Z_TYPE_P(zworkload) != IS_STRING) and throw a warning/return false or do implicit type conversion to strings.

Test script:
---------------
<?php

$gearman = new \GearmanClient();
$gearman->addServers('127.0.0.1:4730');
$gearman->addTask('crash', array('data' => 'overflow'));
$gearman->runTasks();

Expected result:
----------------
Warning: addTask() expects parameter 2 to be string, array given in X on line X

Actual result:
--------------
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 18446744073365895129 bytes) in /tmp/gearman.php on line 6
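
The check the report asks for, as an added example that is not code from the extension or from the report. It is a simplified C model of a tagged value: the `zv` struct, the `T_*` tags and both function names are hypothetical and are not Zend Engine definitions. It shows the unchecked read beside a version that converts integers and refuses arrays.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a tagged value; not the Zend Engine's own types. */
enum ztype { T_LONG, T_STRING, T_ARRAY };
struct zv {
    enum ztype type;
    union {
        long lval;
        struct { char *val; size_t len; } str;
        void *ht;                    /* array: pointer to a hash table */
    } u;
};

/* Reported pattern: the string member is read without checking the tag.
 * For T_ARRAY, val aliases the table pointer and len is leftover bytes. */
size_t workload_len_unchecked(const struct zv *z) { return z->u.str.len; }

/* Hardened form with both remedies from the report: an integer is converted
 * to a string, any other non-string type is refused with a warning.
 * Returns 0 and a malloc'd copy in *out (caller frees), or -1. */
int workload_as_string(const struct zv *z, char **out, size_t *len)
{
    char buf[32];
    const char *src;

    switch (z->type) {
    case T_STRING:
        src = z->u.str.val;
        *len = z->u.str.len;
        break;
    case T_LONG:
        *len = (size_t)snprintf(buf, sizeof buf, "%ld", z->u.lval);
        src = buf;
        break;
    default:
        fprintf(stderr, "Warning: workload must be a string\n");
        return -1;
    }
    if ((*out = malloc(*len + 1)) == NULL)
        return -1;
    memcpy(*out, src, *len);
    (*out)[*len] = '\0';
    return 0;
}
```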


 [2017-01-10 08:25 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-01-10 08:25 UTC] kalle@php.net
The gearman extension has not had much activity in the past few years, so I'm taking the safe bet that this is no longer under active development (as I don't consider the typo fixes on the GitHub repo active development); besides that, it also targets unsupported PHP versions. Please unsuspend this report in case it begins to blossom with life once more.
 
Last updated: Fri May 10 01:01:30 2024 UTC