php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #72172 zend_hex_strtod should not use strlen
Submitted: 2016-05-06 19:02 UTC Modified: -
From: bwitz at hotmail dot com Assigned:
Status: Closed Package: *Compile Issues
PHP Version: 5.6.21 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
 [2016-05-06 19:02 UTC] bwitz at hotmail dot com 
Description:
------------
Purify reports an Invalid pointer read from zend_hex_strtod as a result of performing a strlen on the compile buffer.



 	
IPR: Invalid pointer read (3 times):
  * This is occurring while in thread 8137:
	strlen         [rtlib.o]
	zend_hex_strtod [zend_strtod.c:2593]
	lex_scan       [zend_language_scanner.l:1561]
	zendlex        [zend_compile.c:6911]
	zendparse      [zend_language_parser.c:3767]
	compile_file   [zend_language_scanner.l:586]
	rnt_compile_file [rnt_opcode_cache.c:1118]
	ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER [zend_vm_execute.h:8337]
	execute_ex     [zend_vm_execute.h:363]
	zend_execute   [zend_vm_execute.h:388]
	zend_execute_scripts [zend.c:1341]
	php_execute_script [main.c:2610]
	main           [cgi_main.c:2720]
	__libc_start_main [libc.so.6]
	_start         [crt1.o]
  * Reading 189460 bytes from 0xec44b66b between the heap and the stack (1 byte at 0xec479a7e illegal)

Expected result:
----------------
Purify would not identify compilation of a php script as hitting an Invalid pointer read (IPR).  In addition the strlen is quite inefficient since the compile buffer can be quite large.  In this specific case, 189,460 bytes were read to determine that

if (strlen(str) < 2)

is false.

Patches

zend_strtod.patch (last revision 2016-05-06 19:02 UTC by bwitz at hotmail dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-05-07 06:55 UTC] laruence@php.net 
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=1c7f608071110a8e90e4ae04d3b4d970a70f8c7d
Log: Fixed bug #72172 (zend_hex_strtod should not use strlen)
 [2016-05-07 06:55 UTC] laruence@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Nov 04 00:00:01 2025 UTC