FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


PHP Hangs On 2.2250738585072011e-308 (on some hardware)





AftershockVibe
This is quite an interesting bug (in my opinion anyway).

It turns out that if you have PHP running on certain 32bit processors then processing the numeric value 2.2250738585072011e-308 causes an infinite loop.

Here's an explanation of how someone discovered this:
http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/

Here's the explanation as to why:
http://news.ycombinator.com/item?id=2066084

Quote:
The problematic function, zend_strtod, seems to parse the mantissa (2.225...011 part) and the exponent (-308 part) separately, calculate the approximation of m*10^e and successively improve that approximation until the error becomes less than 0.5ulp. The problem is that this particular number causes the infinite loop (i.e. the iteration does not improve the error at all) in 80-bit FP, but does not in 64-bit FP. Since x86-64 in general uses the SSE2 instruction set (with 64-bit FP) instead of the deprecated x87 it does not have this problem.



Until they patch or recompile it, this is a problem for anyone running one of these machines as it can be externally triggered using $GET or similar.
mahirh
i agree , you could take down a whole server with just this string in a get form or something , but unfortunately a single line of code can protect you if your server is vulnerable in the mean time till a patch appears-
Quote:
Code:
if (strpos(str_replace(., , serialize($GLOBALS)), 22250738585072011′)!==false) die();
Fire Boar
Wow, that's really serious. I've just tested and reproduced the bug on my own computer, so it's not as if this only affects legacy builds. I can't believe this hasn't come up before.
Peterssidan
Question is can this affect frihost? Can we expect a PHP update soon, because it is not likely that many users will insert protections all over the place to protect the server. Now servers run multiple processes at the same time and if they do not terminate they are killed (timeout) so it's not like a single occurrence of the bug will do much harm but it gives a tool for malious people to use to put heavy load on the server.
mahirh
Peterssidan wrote:
Question is can this affect frihost? Can we expect a PHP update soon, because it is not likely that many users will insert protections all over the place to protect the server. Now servers run multiple processes at the same time and if they do not terminate they are killed (timeout) so it's not like a single occurrence of the bug will do much harm but it gives a tool for malious people to use to put heavy load on the server.

the update has released , after this update , you need not worry about this bug , so , frihost is safe
proof - http://www.php.net/archive/2011.php#id2011-01-06-1
Related topics
http://tuvanonline.com/library/index.php
PHP-Nuke platium?
PHP Write to line
Anyone good with PHP-NUKE?
PHP safety?
req: PHP to list files in directory, and link to them
php admin and mysql admin console
Mysql And PHP HELP PLZ
Great php editor
Script php about gallery
how did you learn about html, php or other languages???
H.264 and MPEG4 Cluster and/or Hardware Encoding
Please help me Design
Which CPU is better? Pentium D or DualCore
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.