Bug #72172 zend_hex_strtod should not use strlen
Submitted: 2016-05-06 19:02 UTC
Modified: -
From: bwitz at hotmail dot com
Assigned:
Status: Closed
Package: *Compile Issues
PHP Version: 5.6.21
OS: Linux
Private report: No
CVE-ID: None
 [2016-05-06 19:02 UTC] bwitz at hotmail dot com
Purify reports an Invalid pointer read from zend_hex_strtod as a result of performing a strlen on the compile buffer.

IPR: Invalid pointer read (3 times):
  * This is occurring while in thread 8137:
	strlen         [rtlib.o]
	zend_hex_strtod [zend_strtod.c:2593]
	lex_scan       [zend_language_scanner.l:1561]
	zendlex        [zend_compile.c:6911]
	zendparse      [zend_language_parser.c:3767]
	compile_file   [zend_language_scanner.l:586]
	rnt_compile_file [rnt_opcode_cache.c:1118]
	ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER [zend_vm_execute.h:8337]
	execute_ex     [zend_vm_execute.h:363]
	zend_execute   [zend_vm_execute.h:388]
	zend_execute_scripts [zend.c:1341]
	php_execute_script [main.c:2610]
	main           [cgi_main.c:2720]
	__libc_start_main []
	_start         [crt1.o]
  * Reading 189460 bytes from 0xec44b66b between the heap and the stack (1 byte at 0xec479a7e illegal)

Expected result:
Purify would not identify compilation of a php script as hitting an Invalid pointer read (IPR).  In addition the strlen is quite inefficient since the compile buffer can be quite large.  In this specific case, 189,460 bytes were read to determine that

if (strlen(str) < 2)

is false.


zend_strtod.patch (last revision 2016-05-06 19:02 UTC by bwitz at hotmail dot com)

 [2016-05-07 06:55 UTC]
Automatic comment on behalf of
Log: Fixed bug #72172 (zend_hex_strtod should not use strlen)
 [2016-05-07 06:55 UTC]
-Status: Open +Status: Closed
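
As an added illustration of the report above (not PHP's code and not the attached patch): a hex-literal parser that tests the prefix byte by byte instead of calling strlen, so it reads only the bytes of the literal and the one byte that ends the scan. The names hex_strtod_bounded and sample_consumed and the sample buffer are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example; hypothetical names, not PHP's zend_hex_strtod. */
static int hex_digit(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parses an optional 0x/0X prefix and hex digits, touching only the
 * bytes it consumes plus the one byte that stops the scan. */
double hex_strtod_bounded(const char *str, const char **endptr)
{
    const char *s = str;
    double value = 0;
    int any = 0, d;

    /* Replaces "strlen(str) < 2": s[1] is read only when s[0] is '0',
     * so an empty or one-byte string is never read past its terminator. */
    if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X'))
        s += 2;
    while ((d = hex_digit(*s)) >= 0) {
        value = value * 16 + d;
        any = 1;
        s++;
    }
    if (endptr)
        *endptr = any ? s : str;
    return value;
}

/* Constructed sample: a literal inside a larger buffer that contains no
 * NUL terminator at all. strlen() on it would run off the end. */
static const char sample[8] = { '0', 'x', '1', 'F', ';', ' ', '$', 'a' };

size_t sample_consumed(void)
{
    const char *end;
    hex_strtod_bounded(sample, &end);
    return (size_t)(end - sample);
}

int main(void)
{
    printf("%g, %zu bytes consumed\n", hex_strtod_bounded(sample, NULL), sample_consumed());
    return 0;
}
```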