> -----Original Message----- > From: parasane@xxxxxxxxx [mailto:parasane@xxxxxxxxx] On Behalf Of > Daniel Brown > Sent: Sunday, January 16, 2011 7:00 PM > To: Tommy Pham > Cc: PHP General; PHP Internals List; security@xxxxxxx > Subject: Re: [security] PHP has DoS vuln with large decimal points > > On Sun, Jan 16, 2011 at 21:00, Tommy Pham <tommyhp2@xxxxxxxxx> wrote: > > > > Here are the results after some further tests for the same platform: > > > > * max float value: 1.7976931348623E+308 > > * min float value: 9.8813129168249E-324 << > > floatval('1.0000000000000000000000e-323') weird ... > > > > PHP wil hang when the value is between (inclusive) > > > > floatval('2.22507385850720102e-308') - > > floatval('2.22507385850720113e-308') > > > > I can't find the bug report for the issue @ bugs.php.net. Does anyone > > know if one is submitted? I should submit one? Sucribe to dev list > > and go from there? > > If in doubt, file a bug. Worse comes to worst, it will be marked as bogus or > a duplicate. For security-related things, send them to security@xxxxxxx, > not to the General list. Again, if it's of no concern, it will simply be ignored > as bogus or already known. > > -- > </Daniel P. Brown> > Network Infrastructure Manager > Documentation, Webmaster Teams > http://www.php.net/ Thanks Dan. I'll keep it in mind for the future. For interested parties, that's found in the official Windows 5.3.3 NTS VC9 build. Works fine with the current official 5.3.5 NTS VC9. Thanks, Tommy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php