Friday, January 7, 2011

PHP Bug may crash a Srever




A newly unearthed bug in certain versions of the PHP scripting language could crash servers when the software is given the task of converting a large floating point number, raising the possibility that the glitch could be exploited by hackers.

The bug will cause the PHP processing software to enter an infinite loop when it tries to convert the series of digits "2.2250738585072011e-308" from the string format into the floating point format.

At least one PHP user has commented that a malicious user could crash a server running PHP by feeding this digit to the PHP processor through the language's get function.

The bug only seems to affect version 5.2 and 5.3 of the language, and only when they are run on Intel 32-bit CPUs that use the x87 instruction set.

To fix the problem, users can download patches for those versions or recompile PHP with additional flags for handling floating point digits.

Computer scientist Rick Regan first reported the bug on Monday, and the PHP development team issued patches the following day.

Regan speculated that this particular number is troublesome because it is the "largest subnormal double-precision floating-point number." In general, floating point digits are a challenge for developers to handle correctly, given the complex and differing techniques compilers and hardware instruction sets render such numbers.

What’s Special About 2.2250738585072011e-308?

2.2250738585072011e-308 represents the largest subnormal double-precision floating-point number; written as a hexadecimal floating-point constant, it’s 0x0.fffffffffffffp-1022. 2.2250738585072011e-308 is one of five 17-digit decimal values that convert (correctly) to 0x0.fffffffffffffp-1022:
2.2250738585072007e-308
2.2250738585072008e-308
2.2250738585072009e-308
2.2250738585072010e-308
2.2250738585072011e-308

Only 2.2250738585072011e-308 causes the problem. It happens to be the largest of the five decimal values

No comments:

Post a Comment