OT: PHP 32 bit numbers security issue
Hetz Ben Hamo
hetzbh at gmail.com
Wed Jan 5 12:56:40 IST 2011
Hi Tzafrir,
Regarding the link, I tweeted the post link and simply pasted the short
version here from the buffer.
As for the bug, it seems that it is fixed in SVN; now the various distributions
need to backport it to the various PHP versions and packages.
Hetz
2011/1/5 Tzafrir Cohen <tzafrir at cohens.org.il>
> On Wed, Jan 05, 2011 at 12:05:25PM +0200, Hetz Ben Hamo wrote:
> > Hi,
> > I just found something related to PHP and handling 32 bit numbers, I wrote
> > about it here: http://goo.gl/xqQZd
>
> I missed one character and ended up with:
>
>
> http://www.tzb-info.cz/106687-vyborne-tepelneizolacni-vlastnostmi-cihel-rady-porotherm-44-eko
>
> Is it really that big a problem to give the long link
> http://blog.hetz.biz/?p=206
>
> I know it's 8 characters longer, and 8 characters are a big deal
> nowadays. But still, I'd like to know where I'm going to.
>
> Anyway, both your article and the linked Register. I can't really
> reproduce their issue. I tried their example on a not-so-uptodate
> machine I have here:
>
> $ time php -r '$d = 2.2250738585072011e-308;'
>
> real 0m0.025s
> user 0m0.008s
> sys 0m0.016s
>
> I tried playing with this a bit more, and I get the expected floating
> point behaviour:
>
> $ time php5 -r "\$d = 2.2250738585072011e-308; echo \$d+6;"
> 6
> real 0m0.026s
> user 0m0.024s
> sys 0m0.000s
>
> php5-cli 5.2.6.dfsg.1-1
>
> (Tried this on both a 32bit and a 64bit Debian system)
>
>
> The relevant bug report is here:
> http://bugs.php.net/bug.php?id=53632
>
> So this bug looks like an odd interaction with the toolchain. Not sure
> whose fault it is. But before you panic: check to see if the PHP version
> of yours is actually broken. It's easy.
>
> --
> Tzafrir Cohen | tzafrir at jabber.org | VIM is
> http://tzafrir.org.il | | a Mutt's
> tzafrir at cohens.org.il | | best
> tzafrir at debian.org | | friend
>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
--
*Hetz Ben Hamo
Hetz-Biz (Hosting)
*Rental and hosting of physical servers
Rental of professional, large virtual servers at *small* prices
Visit our site at hetz.biz <http://www.hetz.biz/> and our blog:
blog.hetz.biz
Phone: 0783333113/4/5, Email: sales at hetz.biz
Messenger: sales at hetz.biz - Skype: heunique
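
The check suggested in the quoted message, wrapped in a time limit so that a build affected by bug 53632 (which never finishes parsing the literal) is reported instead of tying up the terminal. This is an added example, not part of the original thread; the function name, the 5-second default and the use of the coreutils `timeout` command are assumptions.

```shell
#!/bin/sh
# check_php_float_hang PHP_BIN [SECONDS]   (hypothetical helper name)
# Runs the one-liner quoted in the thread under a time limit.
# Return codes:
#   0  the interpreter parsed the literal and exited normally
#   1  the interpreter did not finish within the limit (affected build)
#   2  interpreter not found, or it failed for an unrelated reason
check_php_float_hang() {
    php_bin=$1
    limit=${2:-5}          # assumed default; a healthy build needs well under 1s

    command -v "$php_bin" >/dev/null 2>&1 || return 2

    # Literal taken from the thread; single quotes keep the shell from
    # expanding $d before PHP sees it.
    timeout "$limit" "$php_bin" -r '$d = 2.2250738585072011e-308;' \
        >/dev/null 2>&1
    rc=$?

    case $rc in
        0)           return 0 ;;
        124|137|143) return 1 ;;  # timeout's own code, or killed by KILL/TERM
        *)           return 2 ;;
    esac
}

# Stand-alone use: pass one or more interpreter names or paths,
# e.g.  sh check.sh php php5 /usr/local/bin/php
if [ "$#" -gt 0 ]; then
    for bin in "$@"; do
        check_php_float_hang "$bin"
        case $? in
            0) echo "$bin: OK, literal parsed" ;;
            1) echo "$bin: AFFECTED, parse did not finish; needs the backported fix" ;;
            *) echo "$bin: not checked (missing or errored)" ;;
        esac
    done
fi
```

Run it against every PHP binary on the host (CLI, CGI and any locally built copies), since each may have been compiled with a different toolchain.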