Edit report at http://bugs.php.net/bug.php?id=53574&edit=1
ID: 53574 Updated by: [email protected] Reported by: m dot kocielski at gmail dot com Summary: Integer overflow in SdnToJulian -Status: Assigned +Status: Closed Type: Bug Package: *Calendar problems Operating System: Linux PHP Version: 5.3.4 Assigned To: cataphract Block user comment: N Private report: N New Comment: This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2010-12-20 00:47:02] [email protected] Automatic comment from SVN on behalf of cataphract Revision: http://svn.php.net/viewvc/?view=revision&revision=306475 Log: - Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to segfault). ------------------------------------------------------------------------ [2010-12-19 15:08:51] m dot kocielski at gmail dot com Description: ------------ *cut* void SdnToJulian( long int sdn, int *pYear, int *pMonth, int *pDay) { int year; int month; int day; long int temp; int dayOfYear; if (sdn <= 0) { *pYear = 0; *pMonth = 0; *pDay = 0; return; } temp = (sdn + JULIAN_SDN_OFFSET) * 4 - 1; *cut* temp could here be less then 0 due to integer overflow (when sdn is large enough). Test script: --------------- <?php for(;;) { $x = rand(0, 2147483640); echo "$x\n"; $dummy = cal_from_jd($x,0); $dummy = cal_from_jd($x,1); } ?> Expected result: ---------------- Sigsegv: $ php core1.php 758413092 1698116908 42935006 988939165 101976420 1332880082 882858043 Naruszenie ochrony pamiÄci (SIGSEGV) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=53574&edit=1
