Join Up! 104882 members and counting!

Login To PHPBuilder User Name: Password: Register A New Site Account * NOTE: This is for logging into the main site only! To login to the forums, click here

Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Hiermenus DatabaseJournal Technology Jobs Covalent Extends Apache 2.0 to Microsoft ASP.NET ShopWorX - Support for Windows PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Network Risk Assessment Full-Featured, Java-Based Apache GUI Working with the Symfony Components PHP Libraries Moving Logic Into the Database The Big Upgrade AJAX and PHP Part 2: XML Communication/Processing Using Webalizer to analyze Apache logs

php4-beta | 199912

From: Thies C. Arntzen (thies <email protected>)
Date: 12/27/99

• Next message: Thies C. Arntzen: "[PHP4BETA] zend-scanner.l does not compile with SUNs CC (4.2)"
• Previous message: Sascha Schumann: "[PHP4BETA] cvs: /php4/ext/dbase dbf_misc.c"
• Next in thread: Zeev Suraski: "Re: [PHP4BETA] ABR: Array bounds read in ZTS mode + explanation."
• Reply: Zeev Suraski: "Re: [PHP4BETA] ABR: Array bounds read in ZTS mode + explanation."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

**** Purify instrumented bin/nsd (pid 22145) ****
ABR: Array bounds read (9440 times):
  * This is occurring while in thread 10:
    memcpy [rtlib.o]
    zend_hash_copy [zend_hash.c:861]
    compiler_globals_ctor [zend.c:247]
    allocate_new_resource [TSRM.c:200]
    ts_resource [TSRM.c:235]
    php_ns_request_handler [aolserver.c:500]
  * Reading 60 bytes from 0x264ec8 in the heap (44 bytes at 0x264ed8 illegal).
  * Address 0x264ec8 is at the beginning of a malloc'd block of 16 bytes.
  * This block was allocated from:
    malloc [rtlib.o]
    zend_hash_add_or_update [zend_hash.c:189]
    zend_register_functions [zend_API.c:698]
    zend_startup_builtin_functions [zend_builtin_functions.c:78]
    zend_startup [zend.c:363]

problem is :

zend_API.c line 698
        if (zend_hash_add(target_function_table, ptr->fname, strlen(ptr->fname)+1, &internal_function, sizeof(zend_internal_function), NULL) == FAILURE) {
            unload=1;
            break;
        }

zend.c line 238:
    zend_hash_copy(compiler_globals->function_table, global_function_table, NULL, &tmp_func, sizeof(zend_function));

but: sizeof(zend_function) > sizeof(zend_internal_function) so we're
coying uninted memory (as purify tells us) in compiler_globals_ctor().

tc

-- 
PHP 4.0 Beta Mailing List <http://www.php.net/version4/>
To unsubscribe, e-mail: php4beta-unsubscribe <email protected>
For additional commands, e-mail: php4beta-help <email protected>
To contact the list administrators, e-mail: php4beta-admin <email protected>

• Next message: Thies C. Arntzen: "[PHP4BETA] zend-scanner.l does not compile with SUNs CC (4.2)"
• Previous message: Sascha Schumann: "[PHP4BETA] cvs: /php4/ext/dbase dbf_misc.c"
• Next in thread: Zeev Suraski: "Re: [PHP4BETA] ABR: Array bounds read in ZTS mode + explanation."
• Reply: Zeev Suraski: "Re: [PHP4BETA] ABR: Array bounds read in ZTS mode + explanation."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Columns / Articles | Tips / Quickies | News | News Linking and RSS Feeds | Shared Code Library Mail Archives | Support / Discussion Forums | Get Started! Links | Contribute! | Docs