> xml_parser_create($maxs);
I can't reproduce this one and I don't really see how passing a long
string to that code could be a problem.
-Rasmus
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Alle 19:45, martedì 1 aprile 2003, Rasmus Lerdorf ha scritto:
> Never mind, I see it.
Just for the sake of curiosity (I'm not a really clever C
programmer)... do you have a minute to explain to us too? Thanks :)
Ciao
:ce
--
"Computer Science is as much about computers as Astronomy is abou
On Tue, 1 Apr 2003, Sascha Schumann wrote:
[EMAIL PROTECTED] tal $ php -a
Interactive mode enabled
Extending the list, now also testing with an empty array().
>
> i18n_convert('','',$mina);
> mb_convert_encoding('','',$mina);
> array_pad($mina,$maxn,$maxn);
> setlocale($maxn
Never mind, I see it.
On Tue, 1 Apr 2003, Rasmus Lerdorf wrote:
> > socket_iovec_alloc($maxn,$maxn,$maxn);
>
> Didn't I fix that one? Where is the overflow in this:
>
> int i, j, argc = ZEND_NUM_ARGS();
>
> if(argc>65536) {
> WRONG_PARAM_COUNT;
> }
>
>
> socket_iovec_alloc($maxn,$maxn,$maxn);
Didn't I fix that one? Where is the overflow in this:
int i, j, argc = ZEND_NUM_ARGS();
if(argc>65536) {
WRONG_PARAM_COUNT;
}
args = emalloc(argc*sizeof(zval**));
if (argc < 1 || zend_get_parameters_array_ex(
Extending the list, now also testing with an empty array().
i18n_convert('','',$mina);
mb_convert_encoding('','',$mina);
array_pad($mina,$maxn,$maxn);
setlocale($maxn,$mina,$maxn);
unregister_tick_function($maxn);
xml_parser_create($maxs);
> bcsub('',$maxn);
>
And some more (the 13 should have been 0 in the script):
bcsub('',$maxn);
dbase_open($maxs,$maxn);
exif_imagetype($maxn);
> ob_start();
>
> socket_iovec_alloc($maxn,$maxn,$maxn);
>
> exif_thumbnail('',$maxs,$maxn);
>
> mb_ereg('',$maxs,$maxn);
>
> mb_ereg_match
Here are some further functions which directly or indirectly
cause a segfault. In some cases, the prior function
invocation screwed up the engine internals, so that the next
function call resulted in a segfault.
How to reproduce:
1. wget http://schumann.cx/do_crash.txt
