ID: 24556 Updated by: [EMAIL PROTECTED] Reported By: asykakimo at yahoo dot com dot tw -Status: Assigned +Status: Closed Bug Type: Strings related Operating System: Win2000 PHP Version: 4.3.3RC2-dev Assigned To: moriyoshi New Comment:
This bug has been fixed in CVS. In case this was a PHP problem, snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. In case this was a documentation problem, the fix will show up soon at http://www.php.net/manual/. In case this was a PHP.net website problem, the change will show up on the PHP.net site and on the mirror sites in short time. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2003-07-09 08:20:37] [EMAIL PROTECTED] This patch seems to plug the overflow: Index: string.c =================================================================== RCS file: /repository/php-src/ext/standard/string.c,v retrieving revision 1.333.2.32 diff -u -r1.333.2.32 string.c --- string.c 29 Jun 2003 15:36:10 -0000 1.333.2.32 +++ string.c 9 Jul 2003 13:17:51 -0000 @@ -3336,7 +3336,7 @@ br = 0; if (allow) { php_strtolower(allow, allow_len); - tbuf = emalloc(PHP_TAG_BUF_SIZE+1); + tbuf = emalloc(PHP_TAG_BUF_SIZE+2); tp = tbuf; } else { tbuf = tp = NULL; ------------------------------------------------------------------------ [2003-07-09 08:13:21] [EMAIL PROTECTED] This is not file_get_contents() or any other filesystem function related: --------------------------------------- /usr/src/web/php/php4_3/ext/standard/string.c(3530) : Block 0x0874B580 status: Beginning: OK (allocated on /usr/src/web/php/php4_3/ext/standard/string.c:3339, 1024 bytes) End: Overflown (magic=0x2A8FCC63 instead of 0x2A8FCC84) 1 byte(s) overflown --------------------------------------- href/usr/src/web/php/php4_3/ext/standard/string.c(3339) : Freeing 0x0874B5A4 (1024 bytes), script=t.php strip_tags() causes the crash. (leaks seem to crash winblows, not linux :) ------------------------------------------------------------------------ [2003-07-09 02:24:43] asykakimo at yahoo dot com dot tw Description: ------------ The file_get_contents will cause PHP crash in the following code: $contents=str_replace("\n"," ",file_get_contents($file)); $contents=strip_tags($contents,'<a><frame><area><meta>'); $tags=(preg_match("|</frameset>|i",$contents))?"src":"href"; $tags=(preg_match("|<meta http-equiv=\"?refresh\"?.*url|i",$contents))?"url":$tags; echo $tags; ------------------------------------------------------------ The $file variable is come from http://www.starwars.com/index.html If I replace the file_get_contents with fread function, the php remain this bug too. Thank ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=24556&edit=1
