PHP floating point bug crashes servers

From InfoWorld: A newly unearthed bug in certain versions of the PHP scripting language could crash servers when the software is given the task of converting a large floating point number, raising the possibility that the glitch could be exploited by hackers.

The bug will cause the PHP processing software to enter an infinite loop when it tries to convert the series of digits "2.2250738585072011e-308" from the string format into the floating point format.

At least one PHP user has commented that a malicious user could crash a server running PHP by feeding this digit to the PHP processor through the language's get function.

The bug only seems to affect version 5.2 and 5.3 of the language, and only when they are run on Intel 32-bit CPUs that use the x87 instruction set.

To fix the problem, users can download patches for those versions or recompile PHP with additional flags for handling floating point digits.

View: Article @ Source Site