Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

+ - PHP floating point bug crashes servers ->

Submitted by alphadogg
alphadogg (971356) writes "A newly unearthed bug in certain versions of the PHP scripting language could crash servers when the software is given the task of converting a large floating point number, raising the possibility that the glitch could be exploited by hackers.

The bug will cause the PHP processing software to enter an infinite loop when it tries to convert the series of digits "2.2250738585072011e-308" from the string format into the floating point format.

At least one PHP user has commented http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/ that a malicious user could crash a server running PHP by feeding this digit to the PHP processor through the language's get function.

The bug only seems to affect version 5.2 and 5.3 of the language, and only when they are run on Intel 32-bit CPUs that use the x87 instruction set.

Computer scientist Rick Regan http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/ first reported the bug on Monday, and the PHP development team issued patches the following day."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

PHP floating point bug crashes servers

Comments Filter:

If I'd known computer science was going to be like this, I'd never have given up being a rock 'n' roll star. -- G. Hirst

Working...