Ilia Alshanetsky [EMAIL PROTECTED] wrote:
-chunk_split (2)
I might be missing something, but is chunk_split() really binary safe?
dest = safe_emalloc(sizeof(char), (srclen + (chunks + 1) * endlen + 1), 0);
What if integer overflow occurs during the calculation of (chunks
On June 4, 2003 01:12 pm, Moriyoshi Koizumi wrote:
If (srclen + (chunks + 1) * endlen + 1) overflows and results in a 0 number,
the result of the multiplication inside safe_emalloc would still be negative
and we'll trigger the integer overflow check.
Ilia
Ilia Alshanetsky [EMAIL PROTECTED]
Ilia A. [EMAIL PROTECTED] wrote:
On June 4, 2003 01:12 pm, Moriyoshi Koizumi wrote:
If (srclen + (chunks + 1) * endlen + 1) overflows and results in a 0 number,
the result of the multiplication inside safe_emalloc would still be negative
and we'll trigger the integer overflow check.
I
moriyoshi Fri Apr 4 04:11:28 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
segfault busting news
replacing one tab with 4 spaces
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.25 php4/TODO_SEGFAULTS:1.1.2.26
moriyoshi Fri Apr 4 04:13:28 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
renumbering
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.26 php4/TODO_SEGFAULTS:1.1.2.27
--- php4/TODO_SEGFAULTS:1.1.2.26Fri
moriyoshi Fri Apr 4 04:15:18 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
Sorry, forgot these ones
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.27 php4/TODO_SEGFAULTS:1.1.2.28
---
sas Thu Apr 3 13:22:14 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
Update - we purged the full list\!
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.15 php4/TODO_SEGFAULTS:1.1.2.16
---
sas Thu Apr 3 13:52:35 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
update regarding dbase extension
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.16 php4/TODO_SEGFAULTS:1.1.2.17
---
sas Thu Apr 3 13:55:54 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
fix
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.17 php4/TODO_SEGFAULTS:1.1.2.18
--- php4/TODO_SEGFAULTS:1.1.2.17Thu Apr 3 13:52:35
That dbase extension is a trainwreck. Did you see the code I fixed
yesterday? It had:
cp = (char *)malloc(256);
strcpy(cp, dp); strcat(cp, ".dbf");
;(
-Rasmus
On Thu, 3 Apr 2003, Sascha Schumann wrote:
sas Thu Apr 3 13:52:35 2003 EDT
Modified files: (Branch:
sas Thu Apr 3 14:46:26 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
augment summary with fixes which predate the list
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.20 php4/TODO_SEGFAULTS:1.1.2.21
---
sas Thu Apr 3 15:07:40 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
one in socket_select
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.21 php4/TODO_SEGFAULTS:1.1.2.22
--- php4/TODO_SEGFAULTS:1.1.2.21Thu
iliaa Thu Apr 3 19:29:37 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
Fixed segv as well as info about new segvs in gd.
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.22 php4/TODO_SEGFAULTS:1.1.2.23
---
iliaa Thu Apr 3 19:44:35 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
More gd stuff.
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.23 php4/TODO_SEGFAULTS:1.1.2.24
--- php4/TODO_SEGFAULTS:1.1.2.23Thu Apr
iliaa Thu Apr 3 20:17:35 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
Notes about various possible integer overflows in bundled gd library.
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.24
rasmus Wed Apr 2 16:31:52 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
/php4/ext/standard string.c
Log:
Fix the setlocale() segfault
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.8 php4/TODO_SEGFAULTS:1.1.2.9
rasmus Wed Apr 2 18:09:39 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
/php4/ext/standard basic_functions.c
Log:
Fix unregister_tick_function crash
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.9
rasmus Wed Apr 2 18:50:41 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
/php4/ext/bcmath bcmath.c
Log:
Negative precision makes no sense, so check for that, but let the memory
manager error out on huge non-negative precision args
rasmus Wed Apr 2 19:16:51 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
Update
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.11 php4/TODO_SEGFAULTS:1.1.2.12
--- php4/TODO_SEGFAULTS:1.1.2.11Wed Apr 2
moriyoshi Wed Apr 2 19:20:15 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
Removed i18n_convert() from the entries because that is an alias for
mb_convert_encoding()
Index: php4/TODO_SEGFAULTS
diff -u
moriyoshi Wed Apr 2 20:01:35 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
segfault busting news
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.13 php4/TODO_SEGFAULTS:1.1.2.14
--- php4/TODO_SEGFAULTS:1.1.2.13
moriyoshi Wed Apr 2 20:04:13 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
Unable to reproduce..
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.14 php4/TODO_SEGFAULTS:1.1.2.15
--- php4/TODO_SEGFAULTS:1.1.2.14
sas Tue Apr 1 07:38:35 2003 EDT
Added files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
Overview of open issues and how to reproduce
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
sas Tue Apr 1 07:43:45 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
editing
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.1 php4/TODO_SEGFAULTS:1.1.2.2
--- php4/TODO_SEGFAULTS:1.1.2.1 Tue Apr 1 07:38:35 2003
+++
sas Tue Apr 1 07:54:48 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
The ob_start issue is reproducible.
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.2 php4/TODO_SEGFAULTS:1.1.2.3
---
sas Tue Apr 1 08:02:46 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
more insight re. ob_start bug
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.3 php4/TODO_SEGFAULTS:1.1.2.4
--- php4/TODO_SEGFAULTS:1.1.2.3 Tue
rasmus Tue Apr 1 13:26:14 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
Log:
Update (not fixed in HEAD because the API for this function needs to
change in PHP5. It is moronic the way it is now)
Index: php4/TODO_SEGFAULTS
diff -u
rasmus Tue Apr 1 13:47:01 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
/php4/ext/exif exif.c
Log:
Fix exif crashes
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.5 php4/TODO_SEGFAULTS:1.1.2.6
---
rasmus Tue Apr 1 14:10:35 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
/php4/ext/dbase dbf_head.c
Log:
Argh!!! I guess nobody has ever looked at this code.
Index: php4/TODO_SEGFAULTS
diff -u php4/TODO_SEGFAULTS:1.1.2.6
rasmus Tue Apr 1 16:44:47 2003 EDT
Modified files: (Branch: PHP_4_3)
/php4 TODO_SEGFAULTS
/php4/ext/standard array.c
Log:
Arbitrarily limit array_pad() to only do 1 million elements at a time.
Probably still too high, but it solves the segfault for