Forgot your password?
typodupeerror
Security

+ - PHP floating point bug crashes servers ->

Submitted by alphadogg
alphadogg (971356) writes "A newly unearthed bug in certain versions of the PHP scripting language could crash servers when the software is given the task of converting a large floating point number, raising the possibility that the glitch could be exploited by hackers.

The bug will cause the PHP processing software to enter an infinite loop when it tries to convert the series of digits "2.2250738585072011e-308" from the string format into the floating point format.

At least one PHP user has commented http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/ that a malicious user could crash a server running PHP by feeding this digit to the PHP processor through the language's get function.

The bug only seems to affect version 5.2 and 5.3 of the language, and only when they are run on Intel 32-bit CPUs that use the x87 instruction set.

Computer scientist Rick Regan http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/ first reported the bug on Monday, and the PHP development team issued patches the following day."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

PHP floating point bug crashes servers

Comments Filter:

If God had a beard, he'd be a UNIX programmer.

Working...