PHP Floating Point Bug
RSS FeedPosted by Will Bond on 1/14/11 at 2:35 pm, no comments
Recent Blogs
- Moving to GitHub 4/2/12
- Cutting Down on Spam 6/15/11
- Alter Table Improved, Especially for SQLite 5/24/11
- PHP|Tek 2011 5/18/11
- PHP Floating Point Bug 1/14/11
About
Flourish is a PHP unframework, a general-purpose, object-oriented library focused on security, documentation, ease-of-use and portability.
Twitter
Ohloh
GitHub
Bitbucket
Launchpad
IRC
Just last week a rather serious denial of service (DoS) vulnerability was found in PHP, affecting versions 5.2.0 through 5.2.16 and 5.3.0 through 5.3.4. The bug, #53632, causes PHP to enter an infinite loop when working with the value 2.2250738585072011e-308 as a floating point number. The simple submission of this value to a site multiple times can easily cause the web server to become unresponsive to users.
The good news is that if you are using fRequest::get() and passing float to the $cast_to parameter and Flourish r950 or newer, you will be automatically protected from this vulnerability. The value 2.2250738585072011e-308 will be converted to 2.2250738585072012e-308, which resolves to the same floating point value, but does not cause the infinite loop.
If you are using an older revision of Flourish, I strongly recommend you use the flourish.rev file in your Flourish directory with the backwards compatibility breaks page to upgrade your code to the latest revision.
