From: r3d dot w0rm at yahoo dot com
Operating system: All
PHP version: 5.3.2RC2
PHP Bug Type: Strings related
Bug description: PHP str_repeat() Function Integer Overflow

Description:
------------
PHP str_repeat() Function Integer Overflow
AUTHOR : Sina Yazdanmehr(R3d.W0rm)
Discovered by : Sina Yazdanmehr (R3d.W0rm)
Our Site : http://IrCrash.com
Our Forums : http://ircrash.com/persian/
My Official WebSite : http://R3dW0rm.ir
IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr)

Reproduce code:
---------------
<?php
//www.IrCrash.com
//By : R3d.W0rm
$str1 = str_repeat('0x0x0x0x',999999999);
$str2 = str_repeat($str,1);
?>

Expected result:
----------------
Fatal error: Possible integer overflow in memory allocation (8 * 999999999 + 1) in F:\Program Files\EasyPHP-5.3.1\www\over.php on line 4

Fatal error: Possible integer overflow in memory allocation (8 * 999999999 + 1) in /var/www/html/over.php on line 4

--
Edit bug report at http://bugs.php.net/?id=51105&edit=1
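The expression in the reported message, (8 * 999999999 + 1), is the string length times the repeat count plus one byte, and it does not fit in 32 bits. The C sketch below is an added example, not code from the report or from PHP's source: it shows a checked size computation rejecting those values and the size an unchecked 32-bit computation would wrap to. The names `alloc_size`, `wrapped_size32` and `repeat_string`, the `limit` parameter standing in for a 32-bit size type, and reading the extra byte as a string terminator are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: nmemb * size + offset, rejected if it exceeds limit.
   Division is used so the check itself cannot overflow. */
int alloc_size(uint64_t nmemb, uint64_t size, uint64_t offset,
               uint64_t limit, uint64_t *out)
{
    if (offset > limit)
        return -1;
    if (size != 0 && nmemb > (limit - offset) / size)
        return -1;
    *out = nmemb * size + offset;
    return 0;
}

/* What an unchecked 32-bit computation produces: the value wraps mod 2^32. */
uint32_t wrapped_size32(uint32_t nmemb, uint32_t size, uint32_t offset)
{
    return nmemb * size + offset;
}

/* Hypothetical repeat routine: returns a malloc'd string, or NULL when the
   size is rejected or allocation fails. limit must not exceed SIZE_MAX. */
char *repeat_string(const char *s, uint64_t count, uint64_t limit)
{
    uint64_t len = strlen(s), total;
    if (alloc_size(count, len, 1, limit, &total) != 0)
        return NULL;
    char *buf = malloc((size_t)total);
    if (buf == NULL)
        return NULL;
    for (uint64_t i = 0; i < count; i++)
        memcpy(buf + i * len, s, (size_t)len);
    buf[total - 1] = '\0';
    return buf;
}

int main(void)
{
    /* Values from the report: 8-byte string, 999999999 repeats, 32-bit limit. */
    char *r = repeat_string("0x0x0x0x", 999999999u, UINT32_MAX);
    printf("checked:   %s\n", r ? "allocated" : "rejected");
    printf("unchecked: %u bytes\n", (unsigned)wrapped_size32(999999999u, 8, 1));
    free(r);
    return 0;
}
```

Without the check, a 32-bit build would request the wrapped size while the copy loop still writes the full, unwrapped length, which is why the allocation is refused instead.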
