[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTimhpVnyR-=aY9h8XAwdQQRqeobZG7KA1FaTv5qb@mail.gmail.com>
Date: Wed, 9 Feb 2011 21:31:52 +0100
From: Christian Sciberras <uuf6429@...il.com>
To: Valdis.Kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk, literalka@...a.eu
Subject: Re: {Java,PHP} Server Exploits
You've misread my statement, I didn't say floating point is trivial.
I actually said securing a base data type is trivial.
I'd give you credit if this was a complex issue in, say, deserializing some
complex type, but not float.
How many simple types does PHP have? Integer, float, string and boolean.
Keep in mind that when we talk about floating point in PHP, we're talking
about The Float (64bit || 32bit), not tens of different floating types
ranging from 8 bits to 1024...
Cheers,
Chris.
On Wed, Feb 9, 2011 at 9:13 PM, <Valdis.Kletnieks@...edu> wrote:
> On Wed, 09 Feb 2011 20:54:41 +0100, Christian Sciberras said:
>
> > $f=floatval("2.2250738585072011e-308");
> > echo 'Try 2 => '.$f.'</br>';
>
> > Plus, I'm a bit amazed such a bug exists in PHP - since converting to
> > floating point is a trivial operation, it should have been limited and
> > safe-guarded from the start.
>
> Take a careful gander at that number, then go look at the floating point
> spec -
> it's a specific corner case that isn't obviously trivial to get right
> (doing
> floating point *right* is a lot harder than it looks - take a class on
> numerical methods sometime, you spend 75% of your time dealing with
> rounding
> errors in the last bit).
>
> Having said that, anybody writing floating point support for a package
> should
> probably google 'floating point paranoia' and learn what sort of things to
> test
> for. :)
>
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists