Re: [PHP-DEV] Bug #3027: error_log interpets % as printf formats and chrashes From: Adam Trachtenberg (adam <email protected>)
Date: 12/22/99

On 22 Dec 1999 zot <email protected> wrote:

> From: zot <email protected>
> Operating system: Linux, FreeBSD
> PHP version: 3.0.12
> PHP Bug Type: Reproduceable crash
> Bug description: error_log interpets % as printf formats and chrashes
>
> error_log("'%eagle'");
>
> produces in the apache error_log:
> [Wed Dec 22 11:28:26 1999] [error] '5.318473e-315agle'
>
> other printf strings. In a sql statement of length it crashes
> repeatedly on any query that has a %e %f %g %h %n
>
> My guess is error_log is taking from the next set of arguments, the
> values for %. Thus it is causing a buffer overflow from time to time.
> though error_log("'%etttt'"); shows the same scientific number as
> eagle.

I've come across this problem before -- I thought I saw Ken Coar patch
this, however.

I just did some checking: see

http://bugs.php.net/bugs.php3?id=1955&edit=1

and this really long url

http://bonsai.php.net/bonsai/cvsview2.cgi?diff_mode=context&whitespace_mode=show&subdir=php3&command=DIFF_FRAMESET&file=main.c&rev1=1.504&rev2=1.505&root=/local/repository

-adam 

-- 
/ adam maccabee trachtenberg | visit college life online \
\ adam <email protected>           | http://www.student.com    /

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>