
Excessively large offset specified in {{#time:}} causes timeout
Closed, Resolved, Public

Description

Author: ed.nr.drie

Description:
In markup, {{#time: <mask> | <large_integer> <unit>}}, where <large_integer> is of the magnitude of 1E12, when using the Preview button the server returns the error page saying
"Wikimedia Foundation - Error - Our servers are currently experiencing a technical problem ..." after 1 minute.
Example: {{#time:j F| +1000000000000 days}}
Expected result: immediate "Error: invalid time"
(No attempt to save the page was made for security reasons.)

However, moderately large numbers, like 1E11 cause long delays, but successfully return "Error: invalid time" .


Version: unspecified
Severity: major

Details

Reference
bz14898

Event Timeline

bzimport raised the priority of this task from to High. Nov 21 2014, 10:13 PM
bzimport set Reference to bz14898.

fran wrote:

This actually appears to be a bug in PHP's strtotime() function; a rather nasty one. Running this:

php -r "strtotime('+1000000000000 days');"

causes PHP to run seemingly forever on my laptop. Unfortunately, I'm not completely sure how we'd be able to detect this consistently.
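One way to reject such offsets before strtotime() ever sees them, as an added example that is not MediaWiki or ParserFunctions code; the MAX_ABS_OFFSET limit, the function names and the sample inputs are assumptions made for illustration:

```php
<?php
// Added example: bound the integer terms of a relative time spec such as
// "+1000000000000 days" so the request fails fast with "Error: invalid time"
// instead of driving PHP's date parser into a very long loop.
date_default_timezone_set('UTC');

const MAX_ABS_OFFSET = 1000000;  // assumption: largest |n| accepted per unit

/**
 * Extract the magnitude of every "<sign><int> <unit>" term in $spec,
 * e.g. "+3 days -2 hours" => [3, 2]. Terms without an integer ("next
 * monday") are left to strtotime() itself.
 */
function relativeMagnitudes(string $spec): array
{
    preg_match_all('/[+-]?\s*(\d+)\s*[a-zA-Z]+/', $spec, $m);
    // Compare as floats so an absurdly long digit string cannot overflow int.
    return array_map('floatval', $m[1]);
}

/**
 * Format $spec relative to $now, refusing over-sized offsets up front.
 * Returns the formatted date or the literal string "Error: invalid time".
 */
function safeTime(string $format, string $spec, ?int $now = null): string
{
    foreach (relativeMagnitudes($spec) as $n) {
        if ($n > MAX_ABS_OFFSET) {
            return 'Error: invalid time';   // rejected before strtotime()
        }
    }
    $ts = strtotime($spec, $now ?? time());
    if ($ts === false) {
        return 'Error: invalid time';       // unparseable spec
    }
    return gmdate($format, $ts);
}

// Constructed inputs mirroring the report (base date chosen arbitrarily).
$base = gmmktime(0, 0, 0, 7, 20, 2008);
echo safeTime('j F', '+2 days', $base), "\n";
echo safeTime('j F', '+1000000000000 days', $base), "\n";
echo safeTime('j F', 'not a date', $base), "\n";
```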

ed.nr.drie wrote:

If this implies potential DoS vulnerability, this report's severity and priority status may need updating.

fran wrote:

Indeed, this has DoS potential; I've upgraded it to "Critical."

This bug recently filed in PHP's bug tracker appears to be the cause:
http://bugs.php.net/bug.php?id=45822

Created attachment 5329
Patch for PHP 5.x

I've sent this patch to Derick Rethans, who maintains the code in question, but he hasn't applied it yet, AFAIK. I talked to him about it on IRC and he didn't seem very interested. It doesn't work for PHP 6. PHP 6 has some extra features and I still need a bit of extra inspiration to reimplement them in a loop-free way.

Just did a quick feedback check with Derick. Response: no time, but not forgotten.

Derick tells me that a solution to this problem is in PHP 5.3-cvs.

Now that the crash problem is solved, PF should handle such cases sanely. Currently, for {{#time:j F| +1000000000000 days}} the output is "90 <>", which is a bit random.

Since the fix is in PHP, anyone running into this problem should run PHP 5.3+ (I trust Tim to reopen if I'm wrong.)

  • Bug 28127 has been marked as a duplicate of this bug.