ah, so it's a glibc issue then? istr a similar thing come up with truetype fonts that ended up being a bug in the tr1 lib, but because the PoC used php it was classified as a php vulnerabity. if it's the same case here then i think the onus is on glibc...
Well, I think we can still impose limit on iconv parameters, it doesn't seem to hurt anything. But the problem is reproduceable in pure C...
-- Stanislav Malyshev, Zend Software Architect [EMAIL PROTECTED] http://www.zend.com/ (408)253-8829 MSN: [EMAIL PROTECTED] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
