Bug #72172 zend_hex_strtod should not use strlen
Submitted: 2016-05-06 19:02 UTC
Modified: -
From: bwitz at hotmail dot com
Assigned:
Status: Closed
Package: *Compile Issues
PHP Version: 5.6.21
OS: Linux
Private report: No
CVE-ID: None

 [2016-05-06 19:02 UTC] bwitz at hotmail dot com
Purify reports an Invalid pointer read from zend_hex_strtod as a result of performing a strlen on the compile buffer.

IPR: Invalid pointer read (3 times):
  * This is occurring while in thread 8137:
	strlen         [rtlib.o]
	zend_hex_strtod [zend_strtod.c:2593]
	lex_scan       [zend_language_scanner.l:1561]
	zendlex        [zend_compile.c:6911]
	zendparse      [zend_language_parser.c:3767]
	compile_file   [zend_language_scanner.l:586]
	rnt_compile_file [rnt_opcode_cache.c:1118]
	ZEND_INCLUDE_OR_EVAL_SPEC_TMP_HANDLER [zend_vm_execute.h:8337]
	execute_ex     [zend_vm_execute.h:363]
	zend_execute   [zend_vm_execute.h:388]
	zend_execute_scripts [zend.c:1341]
	php_execute_script [main.c:2610]
	main           [cgi_main.c:2720]
	__libc_start_main []
	_start         [crt1.o]
  * Reading 189460 bytes from 0xec44b66b between the heap and the stack (1 byte at 0xec479a7e illegal)

Expected result:
Purify would not identify compilation of a php script as hitting an Invalid pointer read (IPR).  In addition the strlen is quite inefficient since the compile buffer can be quite large.  In this specific case, 189,460 bytes were read to determine that

if (strlen(str) < 2)

is false.
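
The check quoted in the report next to a bounded form, as an added example (it is not part of the report, the attached patch or the PHP source). The function names, the `examined` counter and the buffer contents are constructed for illustration; only the 189460-byte size is taken from the Purify output above.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_BYTES 189460u /* size from the Purify output; contents are constructed */

/* Pattern from the report: scans to the terminating NUL, wherever that is. */
static int too_short_strlen(const char *str, size_t *examined)
{
    size_t n = strlen(str);
    *examined = n + 1; /* every byte up to and including the NUL */
    return n < 2;
}

/* Bounded form: reads at most `need` bytes and stops at the first NUL. */
static int too_short_bounded(const char *str, size_t need, size_t *examined)
{
    for (size_t i = 0; i < need; i++) {
        if (str[i] == '\0') {
            *examined = i + 1;
            return 1;
        }
    }
    *examined = need;
    return 0;
}

/* Constructed stand-in for the compile buffer: a hex literal followed by the
   rest of a large script, with the only NUL at the very end. */
static char *make_scan_buffer(void)
{
    char *buf = malloc(BUF_BYTES);
    if (buf == NULL)
        return NULL;
    memset(buf, ' ', BUF_BYTES - 1);
    memcpy(buf, "0x1A;", 5);
    buf[BUF_BYTES - 1] = '\0';
    return buf;
}

int main(void)
{
    char *buf = make_scan_buffer();
    size_t a = 0, b = 0;
    if (buf == NULL)
        return 1;
    too_short_strlen(buf, &a);
    too_short_bounded(buf, 2, &b);
    printf("strlen check examined %zu bytes, bounded check %zu\n", a, b);
    free(buf);
    return 0;
}
```

Both checks give the same answer; the bounded one never reads past the second byte, so its cost and its exposure to a missing terminator do not grow with the size of the buffer.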


zend_strtod.patch (last revision 2016-05-06 19:02 UTC by bwitz at hotmail dot com)

 [2016-05-07 06:55 UTC]
Automatic comment on behalf of
Log: Fixed bug #72172 (zend_hex_strtod should not use strlen)
 [2016-05-07 06:55 UTC]
-Status: Open +Status: Closed