[PHP-DEV] RE: [PHP] [security] PHP has DoS vuln with large decimal points

2011-01-16 Thread Tommy Pham
> -Original Message-
> From: paras...@gmail.com [mailto:paras...@gmail.com] On Behalf Of
> Daniel Brown
> Sent: Sunday, January 16, 2011 7:00 PM
> To: Tommy Pham
> Cc: PHP General; PHP Internals List; secur...@php.net
> Subject: Re: [PHP] [security] PHP has DoS vuln with large decimal points
> 
> On Sun, Jan 16, 2011 at 21:00, Tommy Pham  wrote:
> >
> > Here are the results after some further tests for the same platform:
> >
> > * max float value: 1.7976931348623E+308
> > * min float value:  9.8813129168249E-324  <<
> > floatval('1.00e-323') weird ...
> >
> > PHP will hang when the value is between (inclusive)
> >
> > floatval('2.22507385850720102e-308')  -
> > floatval('2.22507385850720113e-308')
> >
> > I can't find the bug report for the issue @ bugs.php.net.  Does anyone
> > know if one is submitted?  I should submit one?  Subscribe to dev list
> > and go from there?
> 
> If in doubt, file a bug.  Worse comes to worst, it will be marked as bogus or
> a duplicate.  For security-related things, send them to secur...@php.net,
> not to the General list.  Again, if it's of no concern, it will simply be ignored
> as bogus or already known.
> 
> --
> 
> Network Infrastructure Manager
> Documentation, Webmaster Teams
> http://www.php.net/

Thanks Dan.  I'll keep it in mind for the future.  For interested parties,
that's found in the official Windows 5.3.3 NTS VC9 build.  Works fine with
the current official 5.3.5 NTS VC9.

Thanks,
Tommy


--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
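
As an added example (not code from this thread or from the PHP project), here is a Python input check that compares a decimal string against the range quoted above using exact decimal arithmetic, so alternate spellings of the same value are caught without ever calling a float parser. The function names, the length cap, the sample parameters, and treating the sign as irrelevant are assumptions.

```python
import re
from decimal import Decimal, InvalidOperation

# Bounds quoted in the thread (inclusive), held as exact decimals, never as floats.
LOW = Decimal("2.22507385850720102e-308")
HIGH = Decimal("2.22507385850720113e-308")

# Shape of a decimal literal a float parser would accept.
NUMERIC = re.compile(r"[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?", re.ASCII)
MAX_LEN = 512  # assumed cap so oversized inputs are not parsed at all


def in_reported_range(text):
    """True if text is a decimal literal whose magnitude lies in [LOW, HIGH]."""
    text = text.strip()
    if len(text) > MAX_LEN or not NUMERIC.fullmatch(text):
        return False
    try:
        # Decimal(str) is exact; copy_abs() avoids context rounding.
        value = Decimal(text).copy_abs()  # sign ignored: an assumption
    except InvalidOperation:
        return False  # exponent outside what Decimal can represent
    return LOW <= value <= HIGH


def flag_params(params):
    """Return the names of parameters whose value falls in the reported range."""
    return sorted(name for name, value in params.items()
                  if in_reported_range(value))


# Constructed sample request parameters (not taken from any real traffic).
SAMPLE = {
    "price": "19.99",
    "plain": "2.2250738585072011e-308",
    "shifted": "0.022250738585072011e-306",  # same value, moved decimal point
    "integer": "22250738585072011e-324",     # same value, no decimal point
    "above": "2.2250738585072012e-308",      # just outside the upper bound
    "text": "not-a-number",
}

if __name__ == "__main__":
    print(flag_params(SAMPLE))
```

A literal string match on the reported values would miss the `shifted` and `integer` spellings; the exact comparison does not.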



Re: [PHP-DEV] Re: [PHP] [security] PHP has DoS vuln with large decimal points

2011-01-16 Thread Mike Robinson
On 2011-01-16, at 9:59 PM, Daniel Brown  wrote:

> On Sun, Jan 16, 2011 at 21:00, Tommy Pham  wrote:
>> 
>> Here are the results after some further tests for the same platform:
>> 
>> * max float value: 1.7976931348623E+308
>> * min float value:  9.8813129168249E-324  <<
>> floatval('1.00e-323') weird ...
>> 
>> PHP will hang when the value is between (inclusive)
>> 
>> floatval('2.22507385850720102e-308')  -
>> floatval('2.22507385850720113e-308')
>> 
>> I can't find the bug report for the issue @ bugs.php.net.  Does anyone know
>> if one is submitted?  I should submit one?  Subscribe to dev list and go from
>> there?
> 
> If in doubt, file a bug.  Worse comes to worst, it will be marked
> as bogus or a duplicate.  For security-related things, send them to
> secur...@php.net, not to the General list.  Again, if it's of no
> concern, it will simply be ignored as bogus or already known.

Is this not it?

http://bugs.php.net/53632

Best Regards

Mike Robinson



[PHP-DEV] Re: [PHP] [security] PHP has DoS vuln with large decimal points

2011-01-16 Thread Daniel Brown
On Sun, Jan 16, 2011 at 21:00, Tommy Pham  wrote:
>
> Here are the results after some further tests for the same platform:
>
> * max float value: 1.7976931348623E+308
> * min float value:  9.8813129168249E-324  <<
> floatval('1.00e-323') weird ...
>
> PHP will hang when the value is between (inclusive)
>
> floatval('2.22507385850720102e-308')  -
> floatval('2.22507385850720113e-308')
>
> I can't find the bug report for the issue @ bugs.php.net.  Does anyone know
> if one is submitted?  I should submit one?  Subscribe to dev list and go from
> there?

If in doubt, file a bug.  Worse comes to worst, it will be marked
as bogus or a duplicate.  For security-related things, send them to
secur...@php.net, not to the General list.  Again, if it's of no
concern, it will simply be ignored as bogus or already known.

-- 

Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/
