Bug #71729 Possible crash in zend_bin_strtod, zend_oct_strtod, zend_hex_strtod
Submitted: 2016-03-07 11:12 UTC Modified: 2018-11-23 09:22 UTC
From: dragondreamer at live dot com Assigned:
Status: Closed Package: *General Issues
PHP Version: 7.0.4 OS:
Private report: No CVE-ID: None
 [2016-03-07 11:12 UTC] dragondreamer at live dot com
Description:
------------
These three functions have a flaw that can eventually result in a crash:

ZEND_API double zend_bin_strtod(const char *str, const char **endptr)
{
...
	if (strlen(str) < 2) {
		*endptr = str; /* No check if endptr is NULL, can result in zero pointer dereferencing */
		return 0.0;
	}

...

	if (NULL != endptr) {  /* But here this check is present */
		*endptr = (char *)(any ? s - 1 : str);
	}

	return value;
}
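
The guard pattern the report calls for, as an added C sketch that is not the php-src code or the referenced commit: every write to the optional endptr goes through one NULL-checked helper, so the early return for short input cannot dereference NULL. The names bin_strtod_safe, set_end and run_cases and the exact grammar (optional 0b prefix, then binary digits) are assumptions; the sample inputs are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Single place where the optional out-parameter is written, so no
 * return path can dereference a NULL endptr. */
static void set_end(const char **endptr, const char *pos)
{
    if (endptr != NULL) {
        *endptr = pos;
    }
}

/* Hypothetical name; assumed grammar: optional "0b"/"0B" prefix followed
 * by binary digits. Not the php-src implementation. */
double bin_strtod_safe(const char *str, const char **endptr)
{
    const char *s = str;
    double value = 0.0;
    int any = 0;

    if (strlen(str) < 2) {          /* same early return as in the report */
        set_end(endptr, str);       /* guarded, unlike the flawed path */
        return 0.0;
    }
    if (s[0] == '0' && (s[1] == 'b' || s[1] == 'B')) {
        s += 2;
    }
    for (; *s == '0' || *s == '1'; s++) {
        value = value * 2 + (*s - '0');
        any = 1;
    }
    set_end(endptr, any ? s : str); /* no digits consumed: point at start */
    return value;
}

/* Constructed inputs: returns 0 when every case behaves as expected. */
int run_cases(void)
{
    const char *end = NULL;
    const char *in = "0b101x";
    if (bin_strtod_safe("1", NULL) != 0.0) return 1;    /* short input, NULL endptr */
    if (bin_strtod_safe("0b11", NULL) != 3.0) return 2; /* normal path, NULL endptr */
    if (bin_strtod_safe(in, &end) != 5.0 || end != in + 5) return 3;
    if (bin_strtod_safe("", &end) != 0.0 || *end != '\0') return 4;
    return 0;
}

int main(void) { return run_cases(); }
```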


 [2016-03-09 04:17 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9aa73d38000b9bb9de8dc8aa96e7dcef30506202
Log: Fixed bug #71729 (Possible crash in zend_bin_strtod, zend_oct_strtod, zend_hex_strtod)
 [2016-03-09 04:17 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2016-07-20 11:33 UTC] davey@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9aa73d38000b9bb9de8dc8aa96e7dcef30506202
Log: Fixed bug #71729 (Possible crash in zend_bin_strtod, zend_oct_strtod, zend_hex_strtod)
 [2018-11-23 09:22 UTC] dragondreamer at live dot com
-: temp at temp dot ru +: dragondreamer at live dot com
 [2018-11-23 09:22 UTC] dragondreamer at live dot com
Edit e-mail address
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Apr 18 14:01:31 2024 UTC