From: rasmus
Operating system: Linux
PHP version: 5.4Git-2012-08-15 (Git)
Package: Date/time related
Bug Type: Bug
Bug description:Invalid read in strptime
Description:
------------
==26201== Invalid read of size 8
==26201== at 0x8355A84: __GI___strncasecmp_l (strcmp.S:1862)
==26201== by 0x8377F16: __strptime_internal (strptime_l.c:420)
==26201== by 0x6DA392: zif_strptime (datetime.c:101)
==26201== by 0x874BE8: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:642)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201== Address 0xe750948 is 0 bytes after a block of size 8 alloc'd
==26201== at 0x4C2C56F: malloc (vg_replace_malloc.c:267)
==26201== by 0x7AA930: _estrndup (zend_alloc.c:2596)
==26201== by 0x7CDD2B: _zval_copy_ctor_func (zend_variables.c:121)
==26201== by 0x7FD79F: ZEND_SEND_VAL_SPEC_CONST_HANDLER
(zend_variables.h:45)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201==
==26201== Invalid read of size 8
==26201== at 0x8353C5C: __GI___strncasecmp_l (strcmp.S:216)
==26201== by 0x8377FAC: __strptime_internal (strptime_l.c:431)
==26201== by 0x6DA392: zif_strptime (datetime.c:101)
==26201== by 0x874BE8: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:642)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201== Address 0xe750948 is 0 bytes after a block of size 8 alloc'd
==26201== at 0x4C2C56F: malloc (vg_replace_malloc.c:267)
==26201== by 0x7AA930: _estrndup (zend_alloc.c:2596)
==26201== by 0x7CDD2B: _zval_copy_ctor_func (zend_variables.c:121)
==26201== by 0x7FD79F: ZEND_SEND_VAL_SPEC_CONST_HANDLER
(zend_variables.h:45)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201==
==26201== Invalid read of size 8
==26201== at 0x8355A84: __GI___strncasecmp_l (strcmp.S:1862)
==26201== by 0x837802B: __strptime_internal (strptime_l.c:444)
==26201== by 0x6DA392: zif_strptime (datetime.c:101)
==26201== by 0x874BE8: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:642)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201== Address 0xe750948 is 0 bytes after a block of size 8 alloc'd
==26201== at 0x4C2C56F: malloc (vg_replace_malloc.c:267)
==26201== by 0x7AA930: _estrndup (zend_alloc.c:2596)
==26201== by 0x7CDD2B: _zval_copy_ctor_func (zend_variables.c:121)
==26201== by 0x7FD79F: ZEND_SEND_VAL_SPEC_CONST_HANDLER
(zend_variables.h:45)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201==
==26201== Invalid read of size 8
==26201== at 0x8353C5C: __GI___strncasecmp_l (strcmp.S:216)
==26201== by 0x8378520: __strptime_internal (strptime_l.c:446)
==26201== by 0x6DA392: zif_strptime (datetime.c:101)
==26201== by 0x874BE8: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:642)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201== Address 0xe750948 is 0 bytes after a block of size 8 alloc'd
==26201== at 0x4C2C56F: malloc (vg_replace_malloc.c:267)
==26201== by 0x7AA930: _estrndup (zend_alloc.c:2596)
==26201== by 0x7CDD2B: _zval_copy_ctor_func (zend_variables.c:121)
==26201== by 0x7FD79F: ZEND_SEND_VAL_SPEC_CONST_HANDLER
(zend_variables.h:45)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201==
==26201== Invalid read of size 8
==26201== at 0x8354804: __GI___strncasecmp_l (strcmp.S:862)
==26201== by 0x8377F16: __strptime_internal (strptime_l.c:420)
==26201== by 0x6DA392: zif_strptime (datetime.c:101)
==26201== by 0x874BE8: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:642)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201== Address 0xe750948 is 0 bytes after a block of size 8 alloc'd
==26201== at 0x4C2C56F: malloc (vg_replace_malloc.c:267)
==26201== by 0x7AA930: _estrndup (zend_alloc.c:2596)
==26201== by 0x7CDD2B: _zval_copy_ctor_func (zend_variables.c:121)
==26201== by 0x7FD79F: ZEND_SEND_VAL_SPEC_CONST_HANDLER
(zend_variables.h:45)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201==
==26201== Invalid read of size 8
==26201== at 0x8354804: __GI___strncasecmp_l (strcmp.S:862)
==26201== by 0x837802B: __strptime_internal (strptime_l.c:444)
==26201== by 0x6DA392: zif_strptime (datetime.c:101)
==26201== by 0x874BE8: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:642)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201== Address 0xe750948 is 0 bytes after a block of size 8 alloc'd
==26201== at 0x4C2C56F: malloc (vg_replace_malloc.c:267)
==26201== by 0x7AA930: _estrndup (zend_alloc.c:2596)
==26201== by 0x7CDD2B: _zval_copy_ctor_func (zend_variables.c:121)
==26201== by 0x7FD79F: ZEND_SEND_VAL_SPEC_CONST_HANDLER
(zend_variables.h:45)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201==
==26201== Invalid read of size 8
==26201== at 0x8353C5C: __GI___strncasecmp_l (strcmp.S:216)
==26201== by 0x8377F16: __strptime_internal (strptime_l.c:420)
==26201== by 0x6DA392: zif_strptime (datetime.c:101)
==26201== by 0x874BE8: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:642)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201== Address 0xe750948 is 0 bytes after a block of size 8 alloc'd
==26201== at 0x4C2C56F: malloc (vg_replace_malloc.c:267)
==26201== by 0x7AA930: _estrndup (zend_alloc.c:2596)
==26201== by 0x7CDD2B: _zval_copy_ctor_func (zend_variables.c:121)
==26201== by 0x7FD79F: ZEND_SEND_VAL_SPEC_CONST_HANDLER
(zend_variables.h:45)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201==
==26201== Invalid read of size 8
==26201== at 0x8353C5C: __GI___strncasecmp_l (strcmp.S:216)
==26201== by 0x837802B: __strptime_internal (strptime_l.c:444)
==26201== by 0x6DA392: zif_strptime (datetime.c:101)
==26201== by 0x874BE8: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:642)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201== Address 0xe750948 is 0 bytes after a block of size 8 alloc'd
==26201== at 0x4C2C56F: malloc (vg_replace_malloc.c:267)
==26201== by 0x7AA930: _estrndup (zend_alloc.c:2596)
==26201== by 0x7CDD2B: _zval_copy_ctor_func (zend_variables.c:121)
==26201== by 0x7FD79F: ZEND_SEND_VAL_SPEC_CONST_HANDLER
(zend_variables.h:45)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201==
==26201== Invalid read of size 8
==26201== at 0x83545B4: __GI___strncasecmp_l (strcmp.S:737)
==26201== by 0x8377F16: __strptime_internal (strptime_l.c:420)
==26201== by 0x6DA392: zif_strptime (datetime.c:101)
==26201== by 0x874BE8: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:642)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201== Address 0xe750948 is 0 bytes after a block of size 8 alloc'd
==26201== at 0x4C2C56F: malloc (vg_replace_malloc.c:267)
==26201== by 0x7AA930: _estrndup (zend_alloc.c:2596)
==26201== by 0x7CDD2B: _zval_copy_ctor_func (zend_variables.c:121)
==26201== by 0x7FD79F: ZEND_SEND_VAL_SPEC_CONST_HANDLER
(zend_variables.h:45)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201==
==26201== Invalid read of size 8
==26201== at 0x83545B4: __GI___strncasecmp_l (strcmp.S:737)
==26201== by 0x837802B: __strptime_internal (strptime_l.c:444)
==26201== by 0x6DA392: zif_strptime (datetime.c:101)
==26201== by 0x874BE8: zend_do_fcall_common_helper_SPEC
(zend_vm_execute.h:642)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
==26201== Address 0xe750948 is 0 bytes after a block of size 8 alloc'd
==26201== at 0x4C2C56F: malloc (vg_replace_malloc.c:267)
==26201== by 0x7AA930: _estrndup (zend_alloc.c:2596)
==26201== by 0x7CDD2B: _zval_copy_ctor_func (zend_variables.c:121)
==26201== by 0x7FD79F: ZEND_SEND_VAL_SPEC_CONST_HANDLER
(zend_variables.h:45)
==26201== by 0x82F10E: execute (zend_vm_execute.h:410)
==26201== by 0x7D0376: zend_execute_scripts (zend.c:1286)
==26201== by 0x76FED2: php_execute_script (main.c:2473)
==26201== by 0x87724E: do_cli (php_cli.c:988)
==26201== by 0x439C6D: main (php_cli.c:1364)
Test script:
---------------
$orig = setlocale(LC_ALL, 'C');
date_default_timezone_set("GMT");
$res = strptime("July 10", '%B %H');
var_dump($res["tm_year"]);
--
Edit bug report at https://bugs.php.net/bug.php?id=62824&edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=62824&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=62824&r=trysnapshot53
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=62824&r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=62824&r=fixed
Fixed in SVN and need be documented:
https://bugs.php.net/fix.php?id=62824&r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=62824&r=alreadyfixed
Need backtrace:
https://bugs.php.net/fix.php?id=62824&r=needtrace
Need Reproduce Script:
https://bugs.php.net/fix.php?id=62824&r=needscript
Try newer version:
https://bugs.php.net/fix.php?id=62824&r=oldversion
Not developer issue:
https://bugs.php.net/fix.php?id=62824&r=support
Expected behavior:
https://bugs.php.net/fix.php?id=62824&r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=62824&r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=62824&r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=62824&r=globals
PHP 4 support discontinued:
https://bugs.php.net/fix.php?id=62824&r=php4
Daylight Savings: https://bugs.php.net/fix.php?id=62824&r=dst
IIS Stability:
https://bugs.php.net/fix.php?id=62824&r=isapi
Install GNU Sed:
https://bugs.php.net/fix.php?id=62824&r=gnused
Floating point limitations:
https://bugs.php.net/fix.php?id=62824&r=float
No Zend Extensions:
https://bugs.php.net/fix.php?id=62824&r=nozend
MySQL Configuration Error:
https://bugs.php.net/fix.php?id=62824&r=mysqlcfg
