| author | Ilia Alshanetsky <iliaa@php.net> | 2003-04-10 03:27:34 +0000 |
|---|---|---|
| committer | Ilia Alshanetsky <iliaa@php.net> | 2003-04-10 03:27:34 +0000 |
| commit | 729d43f7331158f232ea63dd4af7321f7e8ae331 (patch) | |
| tree | db4777a1f8c117dd5a592b83e6d788e9d516d006 | |
| parent | 0c0482d59c3a3652de9e85bd08a5071b10244694 (diff) | |
| download | php-git-729d43f7331158f232ea63dd4af7321f7e8ae331.tar.gz | |
More integer overflows.
| -rw-r--r-- | TODO_SEGFAULTS | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/TODO_SEGFAULTS b/TODO_SEGFAULTS index de2dff94de..9e9e70469f 100644 --- a/TODO_SEGFAULTS +++ b/TODO_SEGFAULTS @@ -31,6 +31,8 @@ Open: imagesetstyle (5) bundled gd (6) exif extension (7) + php_base64_encode (8) + pack (9) (1) heap corruption, mostly visible in malloc-related calls. Whether you see this or not might depend on your libc/compiler. Hard to track down, @@ -97,6 +99,9 @@ Methodology (7) few possible integer overflows, once safe_emalloc() or something similar is implemented they can all be addressed. +(8) integer overflow if the specified string is longer then ~1.1 billion bytes. + +(9) multiple integer overflows, ex. pack("d4294967297", 2); Ammendment 1. |
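Review bot: In the first hunk (the "Open:" list), the two new entries use different naming levels. `php_base64_encode (8)` is the internal C function name, while `pack (9)` is the userland function name, as are neighbouring entries such as `imagesetstyle (5)`. Pick one convention so a reader can tell whether to search the C sources or call the function from a script. If the C name is kept for (8), say in footnote (8) which userland function reaches it.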
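Review bot: In the second hunk (footnotes (8) and (9) under "Methodology"), neither note says which computation overflows, so whoever picks this up has to rediscover it. For (8), name the length or allocation-size expression that wraps and the integer width the "~1.1 billion bytes" figure assumes; also "longer then" should read "longer than". For (9), "multiple integer overflows" is backed by a single example: state that the repeat count in `pack("d4294967297", 2)` is 2^32 + 1, and list the other format codes or code paths meant by "multiple". Footnote (7) ties its fix to `safe_emalloc()`; it would help to say whether (8) and (9) are expected to be closed by the same change or need separate bounds checks.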
