 |
 |
 |
 |
|
|
Date: 01/12/99
- Next message: Bug Database: "[PHP-DEV] Bug #1058 Updated: Different $DOCUMENT_ROOT specs"
- Previous message: Andrey Zmievski: "Re: [PHP-DEV] dlist.c"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
From: abbaer <email protected>
Operating system: Windows 95
PHP version: 3.0.6
PHP Bug Type: Reproduceable crash
Bug description: sequence of str_replace statements results in a reproducable PHP crash
<?
$baseURL="http://www.landsend.com/";
if ($url=="") {
$url=$baseURL.'spawn.cgi <email protected>&GRAPHIC&NODEPROD0795&0916064873251';
} else {
#process our own query string;
$url=substr($QUERY_STRING,strpos($QUERY_STRING,'=')+1);
}
$div=strpos($url,"@");
$url[$div]="?";
$xf=fopen($url, "r" );
$contents = fread( $xf, 100000 );
fclose( $xf );
$contents = str_replace("BACKGROUND=\"/","BACKGROUND=\"http://www.landsend.com/",$contents);
$contents=str_replace( "IMG SRC=\"", "IMG SRC=\"http://www.landsend.com", $contents );
$contents=str_replace( "img src=\"", "IMG SRC=\"http://www.landsend.com", $contents );
echo $contents;
?>
addition of the third str_replace statement causes the crash.
PHP caused an invalid page fault in
module PHP.EXE at 014f:0044087a.
Registers:
EAX=000046a8 CS=014f EIP=0044087a EFLGS=00010202
EBX=69696969 SS=0157 ESP=006bec70 EBP=00d3d9f0
ECX=00000000 DS=0157 ESI=00d2d9d4 FS=13bf
EDX=00d34000 ES=0157 EDI=e8686868 GS=0000
Bytes at CS:EIP:
8b 0a 33 cb bf ff fe fe 7e 03 f9 83 f1 ff 33 cf
Stack dump:
00e11500 00d3301c 004176bb 00d3301c 00000069 00005690 00000020 0047e4fc 006bfda8 0047e4f0 00d33064 00005690 00d3305c 0041757e 00d3d9f0 00d2d9d4
-- PHP Development Mailing List http://www.php.net/ To unsubscribe send an empty message to php-dev-unsubscribe <email protected> For help: php-dev-help <email protected>
- Next message: Bug Database: "[PHP-DEV] Bug #1058 Updated: Different $DOCUMENT_ROOT specs"
- Previous message: Andrey Zmievski: "Re: [PHP-DEV] dlist.c"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]