PHP :: Bug #79244 :: php crashes during parsing INI file

Bug #79244

php crashes during parsing INI file

Submitted:

2020-02-07 17:29 UTC

Modified:

2020-02-07 20:29 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

security at saur0n dot science

Assigned:

Status:

Closed

Package:

Reproducible crash

PHP Version:

7.4.2

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	security at saur0n dot science
New email:
PHP Version:		OS:

New Comment:

[2020-02-07 17:29 UTC] security at saur0n dot science

Description:
------------
php crashes during parsing INI file with function parse_ini_file() or parse_ini_string(). Both CLI and CGI versions are affected.

The crash occurs only if there is a section with integer name.

Test script:
---------------
<?php

$string=<<<__INI__
[9]



__INI__;

var_dump(parse_ini_string($string, TRUE, INI_SCANNER_TYPED));

Expected result:
----------------
Expected correct process termination.

Actual result:
--------------
PHP crashed:

                                                        Stack trace of thread 3685:
                                                        #0  0x0000559f487cd33f _zend_handle_numeric_str (php + 0x6e833f)
                                                        #1  0x0000559f4888d841 ini_parse (php + 0x7a8841)
                                                        #2  0x0000559f4888e289 zend_parse_ini_string (php + 0x7a9289)
                                                        #3  0x0000559f487cbc3e zif_parse_ini_string (php + 0x6e6c3e)
                                                        #4  0x0000559f489086eb ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (php + 0x8236eb)
                                                        #5  0x0000559f48907028 execute_ex (php + 0x822028)
                                                        #6  0x0000559f48954b45 zend_execute (php + 0x86fb45)
                                                        #7  0x0000559f488c49e4 zend_execute_scripts (php + 0x7df9e4)
                                                        #8  0x0000559f48859770 php_execute_script (php + 0x774770)
                                                        #9  0x0000559f48956ff8 do_cli (php + 0x871ff8)
                                                        #10 0x0000559f48715d1f main (php + 0x630d1f)
                                                        #11 0x00007f38d3f54e0b __libc_start_main (libc.so.6 + 0x26e0b)
                                                        #12 0x0000559f48715e1a _start (php + 0x630e1a)

Patches

Pull Requests

Pull requests:

Ignore externally managed and generated files (web-windows/21)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-02-07 17:40 UTC] security at saur0n dot science

Can be reproduced on 7.0.8-0ubuntu0.16.04.3 as well.

[2020-02-07 20:29 UTC] cmb@php.net

-Status: Open +Status: Verified

[2020-02-10 05:07 UTC] laruence@php.net

Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6295ff77b780705d132b15990c2904d2fe596e57
Log: Fixed bug #79244 (php crashes during parsing INI file). (Laruence)

[2020-02-10 05:07 UTC] laruence@php.net

-Status: Verified +Status: Closed

[2020-04-14 13:40 UTC] tuvirot at gmail dot com

The following pull request has been associated:

Patch Name: Ignore externally managed and generated files
On GitHub:  https://github.com/php/web-windows/pull/21
Patch:      https://github.com/php/web-windows/pull/21.patch

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Oct 27 16:01:27 2024 UTC