[PHP-DEV] Re: [PHP] [security] PHP has DoS vuln with large decimal points
hi,

On Mon, Jan 17, 2011 at 5:21 AM, Tommy Pham wrote:
> Thanks Dan. I'll keep it in mind for the future. For interested parties,
> that's found in the official Windows 5.3.3 NTS VC9 build. Works fine with
> the current official 5.3.5 NTS VC9.

5.3.5 was released only to fix this exact bug :-)

Cheers,
--
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] RE: [PHP] [security] PHP has DoS vuln with large decimal points
> -----Original Message-----
> From: paras...@gmail.com [mailto:paras...@gmail.com] On Behalf Of
> Daniel Brown
> Sent: Sunday, January 16, 2011 7:00 PM
> To: Tommy Pham
> Cc: PHP General; PHP Internals List; secur...@php.net
> Subject: Re: [PHP] [security] PHP has DoS vuln with large decimal points
>
> On Sun, Jan 16, 2011 at 21:00, Tommy Pham wrote:
> >
> > Here are the results after some further tests for the same platform:
> >
> > * max float value: 1.7976931348623E+308
> > * min float value: 9.8813129168249E-324 <<
> > floatval('1.00e-323') weird ...
> >
> > PHP will hang when the value is between (inclusive)
> >
> > floatval('2.22507385850720102e-308') -
> > floatval('2.22507385850720113e-308')
> >
> > I can't find the bug report for the issue @ bugs.php.net. Does anyone
> > know if one is submitted? Should I submit one? Subscribe to dev list
> > and go from there?
>
> If in doubt, file a bug. Worse comes to worst, it will be marked as bogus or
> a duplicate. For security-related things, send them to secur...@php.net,
> not to the General list. Again, if it's of no concern, it will simply be ignored
> as bogus or already known.
>
> --
> 
> Network Infrastructure Manager
> Documentation, Webmaster Teams
> http://www.php.net/

Thanks Dan. I'll keep it in mind for the future. For interested parties,
that's found in the official Windows 5.3.3 NTS VC9 build. Works fine with
the current official 5.3.5 NTS VC9.

Thanks,
Tommy

Re: [PHP-DEV] Re: [PHP] [security] PHP has DoS vuln with large decimal points
On 2011-01-16, at 9:59 PM, Daniel Brown wrote:
> On Sun, Jan 16, 2011 at 21:00, Tommy Pham wrote:
>>
>> Here are the results after some further tests for the same platform:
>>
>> * max float value: 1.7976931348623E+308
>> * min float value: 9.8813129168249E-324 <<
>> floatval('1.00e-323') weird ...
>>
>> PHP will hang when the value is between (inclusive)
>>
>> floatval('2.22507385850720102e-308') -
>> floatval('2.22507385850720113e-308')
>>
>> I can't find the bug report for the issue @ bugs.php.net. Does anyone know
>> if one is submitted? Should I submit one? Subscribe to dev list and go from
>> there?
>
> If in doubt, file a bug. Worse comes to worst, it will be marked
> as bogus or a duplicate. For security-related things, send them to
> secur...@php.net, not to the General list. Again, if it's of no
> concern, it will simply be ignored as bogus or already known

Is this not it?

http://bugs.php.net/53632

Best Regards

Mike Robinson

[PHP-DEV] Re: [PHP] [security] PHP has DoS vuln with large decimal points
On Sun, Jan 16, 2011 at 21:00, Tommy Pham wrote:
>
> Here are the results after some further tests for the same platform:
>
> * max float value: 1.7976931348623E+308
> * min float value: 9.8813129168249E-324 <<
> floatval('1.00e-323') weird ...
>
> PHP will hang when the value is between (inclusive)
>
> floatval('2.22507385850720102e-308') -
> floatval('2.22507385850720113e-308')
>
> I can't find the bug report for the issue @ bugs.php.net. Does anyone know
> if one is submitted? Should I submit one? Subscribe to dev list and go from
> there?

If in doubt, file a bug. Worse comes to worst, it will be marked
as bogus or a duplicate. For security-related things, send them to
secur...@php.net, not to the General list. Again, if it's of no
concern, it will simply be ignored as bogus or already known.

--

Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/

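
For hosts still on a pre-5.3.5 build, request logs can be checked for numeric parameters inside the range reported in this thread, however the literal is spelled. This is an added example, not code from any participant in the thread or from the PHP project; the log lines, `/calc.php` and `amount` are constructed, and ignoring the sign is an assumption.

```python
import re
from decimal import Decimal, InvalidOperation
from urllib.parse import unquote

# Inclusive bounds exactly as quoted in the thread, held as exact decimals.
LOW = Decimal("2.22507385850720102e-308")
HIGH = Decimal("2.22507385850720113e-308")

# Decimal literal: optional sign, digits with optional fraction, optional exponent.
NUMBER = re.compile(r"[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?")

def in_reported_range(token):
    """True if the literal's exact value lies in [LOW, HIGH]."""
    try:
        # Decimal(str) is exact; copy_abs() drops the sign without rounding.
        # Assumption: the sign is ignored; the thread only lists positive values.
        value = Decimal(token).copy_abs()
    except InvalidOperation:  # literal that Decimal cannot represent
        return False
    return LOW <= value <= HIGH

def scan(lines):
    """Return (line_number, token) for every numeric token in the range."""
    hits = []
    for number, line in enumerate(lines, start=1):
        # Percent-decode first so an encoded "." does not split the literal.
        for match in NUMBER.finditer(unquote(line)):
            if in_reported_range(match.group()):
                hits.append((number, match.group()))
    return hits

# Constructed sample log lines; /calc.php and "amount" are hypothetical names.
SAMPLE_LOG = [
    '203.0.113.7 "GET /calc.php?amount=19.99 HTTP/1.1"',
    '203.0.113.9 "GET /calc.php?amount=2.22507385850720102e-308 HTTP/1.1"',
    '203.0.113.9 "GET /calc.php?amount=0%2E222507385850720113e-307 HTTP/1.1"',
    '203.0.113.9 "GET /calc.php?amount=222507385850720110e-325 HTTP/1.1"',
    '198.51.100.4 "GET /calc.php?amount=2.2250738585072014e-308 HTTP/1.1"',
]

if __name__ == "__main__":
    for number, token in scan(SAMPLE_LOG):
        print(f"line {number}: {token} is inside the reported range")
```

Comparing exact decimal values rather than matching a fixed string is what catches the shifted-exponent and percent-encoded spellings on lines 3 and 4.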