2019-01-15
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below).
Products | Hhvm |
Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
First patch | https://github.com/facebook/hhvm/commit/190ffdf6c8b1ec443be202c7d69e63a7e3da25e3 |
Relevant file/s |
• ./hphp/runtime/base/zend-string.cpp (modified, +2)
• ./hphp/test/slow/string/number_format_error.php (added, +19)
• ./hphp/test/slow/string/number_format_error.php.expect (added, +2) |
Links | https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html |