PHP floating point bug fix due within hours

A bug in the PHP scripting language leaves Web servers with large floating point numbers open to DOS attacks

By , InfoWorld |  Security, PHP, vulnerabilities

Principal developers of the PHP language expect to release within hours a fix to a newly reported issue that can prevent 32-bit systems running PHP from serving pages, a key developer of PHP said on Wednesday morning.

PHP is a popular language for use in Web development. The problem opens up PHP systems to a remotely exploitable DOS attack. It affects Linux and Windows and is related to a floating point issue, said Andi Gutmans, a key developer of PHP and CEO of Zend Technologies, which offers PHP development tools. Systems could get tied up in an infinite loop.

Developers of PHP expect to have a workaround available in versions of PHP due Wednesday, Gutmans said. The versions are tentatively being called PHP 5.3.5 and 5.2.17. "It should be a matter of hours" before the fix is out, Gutmans said. Zend also will offer a fix to its Zend Server product to address the problem.

Gutmans attributed the issue to a design flaw in the x87 floating point unit that is part of an old Intel X86 chipset, in which compilers by default do not work around the issue. "As a result, the floating point in PHP gets hit by this bug," said Gutmans, who said he was unaware of any actual PHP sites being affected by the problem. The issue is not expected to affect large-capacity PHP users who are likely on 64-bit systems anyway, Gutmans said. "It's a hardware mis-design," he said.

A computer scientist who reported the problem said it emerged during research.

"I was investigating the decimal/binary conversion of the so-called subnormal numbers, which are the smallest of the small floating-point numbers," said computer scientist Rick Regan, of the Exploring Binary blog. "The particular number that caused the problem, 2.2250738585072011e-308, converts to the largest of the double-precision subnormal numbers; it's at the boundary of the normalized and unnormalized floating-point numbers. I was looking at all the 17 significant digit decimal numbers -- there are five of them -- that convert to this largest subnormal floating-point number. For reasons unknown to me -- and quite unexpectedly -- 2.2250738585072011e-308 caused PHP to go into an infinite loop (and by the way, the other four didn't)."
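The boundary Regan describes can be checked with exact rational arithmetic, which also gives a log or request filter that recognizes the value however it is spelled. This is an added example, not code from the article, from Regan, or from the PHP project; the function names, the length and exponent limits, and the sample request lines are constructed for illustration.

```python
import re
from fractions import Fraction

# Exact IEEE 754 binary64 constants as rationals, so nothing here is rounded.
ULP = Fraction(1, 2**1074)            # spacing between adjacent subnormals
MAX_SUBNORMAL = (2**52 - 1) * ULP     # bit pattern 0x000FFFFFFFFFFFFF
LOW, HIGH = MAX_SUBNORMAL - ULP / 2, MAX_SUBNORMAL + ULP / 2

TOKEN = re.compile(r"[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?")
MAX_LEN, MAX_EXP = 64, 400            # limits chosen for this example

def rounds_to_max_subnormal(literal):
    """True if the decimal literal rounds to +/- the largest subnormal double."""
    if len(literal) > MAX_LEN:
        raise ValueError("numeric literal too long to evaluate safely")
    exp = re.search(r"[eE]([+-]?\d+)$", literal)
    if exp and abs(int(exp.group(1))) > MAX_EXP:
        return False                  # far outside the 1e-308 neighbourhood
    # Open interval: the odd significand 2**52 - 1 loses exact ties (half-even).
    return LOW < abs(Fraction(literal)) < HIGH

def flag_boundary_literals(text):
    """Numeric tokens in text that land on the largest subnormal double."""
    hits = []
    for token in TOKEN.findall(text):
        try:
            if rounds_to_max_subnormal(token):
                hits.append(token)
        except ValueError:
            hits.append(token)        # oversized literal: report for review
    return hits

def seventeen_digit_matches():
    """The 17-significant-digit decimals 2.22507385850720NNe-308 that round there."""
    candidates = (f"2.22507385850720{n:02d}e-308" for n in range(100))
    return [c for c in candidates if rounds_to_max_subnormal(c)]

# Constructed sample request lines (not taken from real traffic).
SAMPLE_REQUESTS = [
    "GET /calc.php?x=2.2250738585072011e-308 HTTP/1.1",
    "GET /calc.php?x=22250738585072011e-324 HTTP/1.1",   # same value, respelled
    "GET /calc.php?x=2.2250738585072012e-308 HTTP/1.1",  # rounds to 2**-1022
    "GET /calc.php?x=3.14 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(flag_boundary_literals(line), line)
    print(seventeen_digit_matches())
```

Because the check compares values rather than digit strings, a respelling such as `22250738585072011e-324` is flagged as well, and the length and exponent caps keep the filter itself from doing unbounded big-integer work on hostile input.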


Originally published on InfoWorld.