From: igor at wiedler dot ch
Operating system: OSX 10.8.2
PHP version: 5.5Git-2012-12-29 (Git)
Package: Unknown/Other Function
Bug Type: Bug
Bug description: Buffer overflow if php_strip_whitespace has heredoc
Description:
------------
When a filename that contains a heredoc is passed to php_strip_whitespace, it
results in a segmentation fault / buffer overflow.
Here is the output from --enable-debug:
[Sat Dec 29 22:22:09 2012] Script: '/Users/igor/test.php'
---------------------------------------
/Users/igor/src/php-src/Zend/zend_highlight.c(189) : Block 0x1036a66d8 status:
Beginning: Cached
Freed (invalid)
Start: OK
End: OK
---------------------------------------
Test script:
---------------
<?php
$contents = php_strip_whitespace(__FILE__);
return <<<A
a
A;
--
Edit bug report at https://bugs.php.net/bug.php?id=63874&edit=1
