A newly unearthed bug in certain versions of the PHP
scripting language could crash servers when the software is given the task of
converting a large floating point number, raising the possibility that the
glitch could be exploited by hackers.
The bug will cause the PHP processing software to enter an
infinite loop when it tries to convert the series of digits
"2.2250738585072011e-308" from the string format into the floating
point format.
At least one PHP user has commented that a malicious user
could crash a server running PHP by feeding this digit to the PHP processor
through the language's get function.
The bug only seems to affect version 5.2 and 5.3 of the
language, and only when they are run on Intel 32-bit CPUs that use the x87
instruction set.
To fix the problem, users can download patches for those
versions or recompile PHP with additional flags for handling floating point
digits.
Computer scientist Rick Regan first reported the bug on
Monday, and the PHP development team issued patches the following day.
Regan speculated that this particular number is troublesome
because it is the "largest subnormal double-precision floating-point
number." In general, floating point digits are a challenge for developers
to handle correctly, given the complex and differing techniques compilers and
hardware instruction sets render such numbers.
What’s Special About
2.2250738585072011e-308?
2.2250738585072011e-308 represents the largest subnormal
double-precision floating-point number; written as a hexadecimal floating-point
constant, it’s 0x0.fffffffffffffp-1022. 2.2250738585072011e-308 is one of five
17-digit decimal values that convert (correctly) to 0x0.fffffffffffffp-1022:
2.2250738585072007e-308
2.2250738585072008e-308
2.2250738585072009e-308
2.2250738585072010e-308
2.2250738585072011e-308
Only 2.2250738585072011e-308 causes the problem. It happens
to be the largest of the five decimal values
No comments:
Post a Comment