Re: [PHP] [security] PHP has DoS vuln with large decimal points

2011-01-25 Thread Pierre Joye
hi, On Mon, Jan 17, 2011 at 5:21 AM, Tommy Pham wrote: > Thanks Dan.  I'll keep it in mind for the future.  For interested parties, > that's found in the official Windows 5.3.3 NTS VC9 build.  Works fine with > the current official 5.3.5 NTS VC9. 5.3.5 was released only to fix this exact bug :-

RE: [PHP] [security] PHP has DoS vuln with large decimal points

2011-01-16 Thread Tommy Pham
> -Original Message- > From: paras...@gmail.com [mailto:paras...@gmail.com] On Behalf Of > Daniel Brown > Sent: Sunday, January 16, 2011 7:00 PM > To: Tommy Pham > Cc: PHP General; PHP Internals List; secur...@php.net > Subject: Re: [PHP] [security] PHP has DoS vu

[PHP] Re: [PHP-DEV] Re: [PHP] [security] PHP has DoS vuln with large decimal points

2011-01-16 Thread Mike Robinson
On 2011-01-16, at 9:59 PM, Daniel Brown wrote: > On Sun, Jan 16, 2011 at 21:00, Tommy Pham wrote: >> >> Here are the results after some further tests for the same platform: >> >> * max float value: 1.7976931348623E+308 >> * min float value: 9.8813129168249E-324 << >> floatval('1.

RE: [PHP] [security] PHP has DoS vuln with large decimal points

2011-01-16 Thread Tommy Pham
> -Original Message- > From: Jim Lucas [mailto:li...@cmsws.com] > Sent: Sunday, January 16, 2011 6:54 PM > To: Tommy Pham > Cc: php-general@lists.php.net > Subject: Re: [PHP] [security] PHP has DoS vuln with large decimal points > > On 1/16/2011 4

Re: [PHP] [security] PHP has DoS vuln with large decimal points

2011-01-16 Thread Daniel Brown
On Sun, Jan 16, 2011 at 21:00, Tommy Pham wrote: > > Here are the results after some further tests for the same platform: > > * max float value: 1.7976931348623E+308 > * min float value:  9.8813129168249E-324  << > floatval('1.00e-323') weird ... > > PHP wil hang when the value

Re: [PHP] [security] PHP has DoS vuln with large decimal points

2011-01-16 Thread Jim Lucas
On 1/16/2011 4:18 PM, Tommy Pham wrote: >> -Original Message- >> From: Tommy Pham [mailto:tommy...@gmail.com] >> Sent: Thursday, January 06, 2011 5:49 PM >> To: 'Daevid Vincent' >> Cc: 'php-general@lists.php.net' >> Subject: RE: [PH

RE: [PHP] [security] PHP has DoS vuln with large decimal points

2011-01-16 Thread Tommy Pham
> -Original Message- > From: Tommy Pham [mailto:tommy...@gmail.com] > Sent: Sunday, January 16, 2011 4:18 PM > To: 'php-general@lists.php.net' > Subject: RE: [PHP] [security] PHP has DoS vuln with large decimal points > > > I found something really

RE: [PHP] [security] PHP has DoS vuln with large decimal points

2011-01-16 Thread Tommy Pham
> -Original Message- > From: Tommy Pham [mailto:tommy...@gmail.com] > Sent: Thursday, January 06, 2011 5:49 PM > To: 'Daevid Vincent' > Cc: 'php-general@lists.php.net' > Subject: RE: [PHP] [security] PHP has DoS vuln with large decimal points >

RE: [PHP] [security] PHP has DoS vuln with large decimal points

2011-01-06 Thread Tommy Pham
> -Original Message- > From: Daevid Vincent [mailto:dae...@daevid.com] > Sent: Wednesday, January 05, 2011 11:36 AM > To: php-general@lists.php.net > Subject: [PHP] [security] PHP has DoS vuln with large decimal points > > The error in the way floating-point and dou

[PHP] [security] PHP has DoS vuln with large decimal points

2011-01-05 Thread Daevid Vincent
The error in the way floating-point and double-precision numbers are handled sends 32-bit systems running Linux, Windows, and FreeBSD into an infinite loop that consumes 100 percent of their CPU's resources. Developers are still investigating, but they say the bug appears to affect versions 5.2 and