Electronics & Programming

develissimo

Open Source electronics development and programming

  • You are not logged in.
  • Root
  • » PHP
  • » [PHP] [security] PHP has DoS vuln with large decimal points [RSS Feed]

#1 Jan. 17, 2011 03:04:07

Daniel B.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP] [security] PHP has DoS vuln with large decimal points


On Sun, Jan 16, 2011 at 21:00, Tommy Pham <tommy***@*mail.com> wrote:
>
> Here are the results after some further tests for the same platform:
>
> * max float value: 1.7976931348623E+308
> * min float value:  9.8813129168249E-324  <<
> floatval('1.0000000000000000000000e-323') weird ...
>
> PHP wil hang when the value is between (inclusive)
>
> floatval('2.22507385850720102e-308')  -
> floatval('2.22507385850720113e-308')
>
> I can't find the bug report for the issue @ bugs.php.net.  Does anyone know
> if one is submitted?  I should submit one?  Sucribe to dev list and go from
> there?

If in doubt, file a bug. Worse comes to worst, it will be marked
as bogus or a duplicate. For security-related things, send them to
secur***@*hp.net, not to the General list. Again, if it's of no
concern, it will simply be ignored as bogus or already known.

--
</Daniel P. Brown>
Network Infrastructure Manager
Documentation, Webmaster Teamshttp://www.php.net/--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#2 Jan. 17, 2011 04:25:06

Tommy P.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP] [security] PHP has DoS vuln with large decimal points


> -----Original Message-----
> From: paras***@*mail.com On Behalf Of
> Daniel Brown
> Sent: Sunday, January 16, 2011 7:00 PM
> To: Tommy Pham
> Cc: PHP General; PHP Internals List; secur***@*hp.net
> Subject: Re: PHP has DoS vuln with large decimal points
>
> On Sun, Jan 16, 2011 at 21:00, Tommy Pham <tommy***@*mail.com> wrote:
> >
> > Here are the results after some further tests for the same platform:
> >
> > * max float value: 1.7976931348623E+308
> > * min float value:  9.8813129168249E-324  <<
> > floatval('1.0000000000000000000000e-323') weird ...
> >
> > PHP wil hang when the value is between (inclusive)
> >
> > floatval('2.22507385850720102e-308')  -
> > floatval('2.22507385850720113e-308')
> >
> > I can't find the bug report for the issue @ bugs.php.net.  Does anyone
> > know if one is submitted?  I should submit one?  Sucribe to dev list
> > and go from there?
>
> If in doubt, file a bug. Worse comes to worst, it will be marked as
bogus or
> a duplicate. For security-related things, send them to secur***@*hp.net,
> not to the General list. Again, if it's of no concern, it will simply be
ignored
> as bogus or already known.
>
> --
> </Daniel P. Brown>
> Network Infrastructure Manager
> Documentation, Webmaster Teams
>http://www.php.net/Thanks Dan. I'll keep it in mind for the future. For interested parties,
that's found in the official Windows 5.3.3 NTS VC9 build. Works fine with
the current official 5.3.5 NTS VC9.

Thanks,
Tommy


--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

#3 Jan. 25, 2011 15:19:15

Pierre J.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

[PHP] [security] PHP has DoS vuln with large decimal points


hi,

On Mon, Jan 17, 2011 at 5:21 AM, Tommy Pham <tommy***@*mail.com> wrote:

> Thanks Dan.  I'll keep it in mind for the future.  For interested parties,
> that's found in the official Windows 5.3.3 NTS VC9 build.  Works fine with
> the current official 5.3.5 NTS VC9.

5.3.5 was released only to fix this exact bug :-)

Cheers,
--
Pierre

@pierrejoye |http://blog.thepimp.net|http://www.libgd.org--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit:http://www.php.net/unsub.php

Offline

  • Root
  • » PHP
  • » [PHP] [security] PHP has DoS vuln with large decimal points [RSS Feed]

Board footer

Moderator control

Enjoy the 14th of December
PoweredBy

The Forums are managed by develissimo stuff members, if you find any issues or misplaced content please help us to fix it. Thank you! Tell us via Contact Options
Leave a Message
Welcome to Develissimo Live Support