ID: 35690
Updated by: [EMAIL PROTECTED]
Reported By: hn at ondskap dot net
-Status: Open
+Status: Closed
Bug Type: Unknown/Other Function
Operating System: Linux, Windows Server 2003
PHP Version: 5.1.1
New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.


Previous Comments:
------------------------------------------------------------------------

[2005-12-15 20:51:53] hn at ondskap dot net

Description:
------------
Weird stuff going on with pack().

pack("A*", $float) makes the process go into an endless loop (if you
turn off memory limit), and kills the apache-thread (and probably server
too if it's a slow one), trying to allocate ~1GB memory.

It's important to check all user-inputs to the pack()-function as it
might hang the server for a while.

From the PHP-doc:
"Also note that PHP internally stores integer values as signed values of
a machine dependent size. If you give it an unsigned integer value too
large to be stored that way it is converted to a float which often
yields an undesired result."

(Including php-version 5.1.1)

Reproduce code:
---------------
<?php
echo pack( "A*", 1.0 );
?>
FATAL: emalloc(): Unable to allocate 1072693249 bytes

<?php
echo strlen( pack( "A*", (int) "heh" )); // Returns 3 although we cast an integer to it?
?>

Expected result:
----------------
A fatal error on emalloc() that's unable to allocate a machine-dependent
amount of memory.


------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=35690&edit=1
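
One way to apply the report's advice to check input before it reaches pack(), as an added example that is not part of the bug report or of PHP itself. The wrapper name pack_string_field() and the 4096-byte cap are assumptions, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example: hypothetical wrapper, not code from the bug report or from PHP.
// It guarantees that pack()'s "A" format only ever receives a real string whose
// length has been checked, instead of a float or other type passed straight through.

const MAX_PACK_BYTES = 4096; // assumed application limit

function pack_string_field($value, int $maxBytes = MAX_PACK_BYTES): string
{
    // Accept only types with an unambiguous string form; reject arrays,
    // objects, resources, booleans and null.
    if (!is_string($value) && !is_int($value) && !is_float($value)) {
        throw new InvalidArgumentException('field must be string, int or float');
    }
    if (is_float($value) && !is_finite($value)) {
        throw new InvalidArgumentException('float field must be finite');
    }

    // Convert explicitly so the length below is that of the bytes being packed.
    $s = (string) $value;
    $len = strlen($s);
    if ($len > $maxBytes) {
        throw new LengthException("field is $len bytes, limit is $maxBytes");
    }
    if ($len === 0) {
        return '';
    }

    // Use the checked length rather than "*", so the output size is the
    // value that was validated above.
    return pack('A' . $len, $s);
}

// Constructed sample inputs, including the two values from the report.
$samples = [1.0, 'heh', (int) 'heh', str_repeat('x', 5000), ['a']];
foreach ($samples as $sample) {
    try {
        $out = pack_string_field($sample);
        printf("%s => %d byte(s)\n", gettype($sample), strlen($out));
    } catch (InvalidArgumentException | LengthException $e) {
        printf("%s rejected: %s\n", gettype($sample), $e->getMessage());
    }
}
```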
