[bugs] [Bug 1295] New - Invalid Data in Kronolith Produces Recursive Loop

bugs at bugs.horde.org bugs at bugs.horde.org
Tue Jul 1 19:35:10 PDT 2003 

http://bugs.horde.org/show_bug.cgi?id=1295

*** shadow/1295	Tue Jul  1 23:35:09 2003
--- shadow/1295.tmp.9830	Tue Jul  1 23:35:10 2003
***************
*** 0 ****
--- 1,50 ----
+ Bug#: 1295
+ Product: Horde
+ Version: 2.2 Stable
+ Platform: Mozilla 5.x
+ OS/Version: Linux
+ Status: NEW   
+ Resolution: 
+ Severity: major
+ Priority: P3
+ Component: IMP
+ Area: BUILD
+ AssignedTo: chuck at horde.org                            
+ ReportedBy: lawrence.ong at netregistry.net               
+ URL: 
+ Summary: Invalid Data in Kronolith Produces Recursive Loop
+ 
+ PROBLEM
+ -------
+ An insert statement of such below into kronolith_events will cause PHP to run
+ into a recursive loop, taking up the maximum memory and crash to script.
+ 
+ insert into kronolith_events
+ values('648','myemail at email.com','','','','','Mortgage','','2','','','9999-12-31
+ 00:00:00','2003-06-23 00:00:00','2003-06-24 00:00:00','0','1056075724');
+ 
+ When accessing IMP, we will eventually get:
+ 
+ Fatal error: Allowed memory size of 31457280 bytes exhausted (tried to
+ allocate 40 bytes) in /usr/share/horde2/kronolith/lib/Kronolith.php on
+ line 68
+ 
+ Fatal error: Allowed memory size of 31457280 bytes exhausted (tried to
+ allocate 0 bytes) in Unknown on line 0
+ 
+ Fatal error: Allowed memory size of 31457280 bytes exhausted (tried to
+ allocate 140 bytes) in Unknown on line 0
+ 
+ You can duplicate this also by inserting a kronolith event, select week as the
+ event inserted, delete the number 1 and click submit event.  NOTE: You must do
+ exactly what is mentioned in that order without clicking on anything else,
+ otherwise the javascript take over and insert a 1.  You will then immediately
+ notice a freeze and the out of memory error.
+ 
+ LOCATION OF PROBLEM
+ -------------------
+ From looking at the data, i found that the problem is located with the
+ event_recurinterval field.  Even though the number 1 is by default (if
+ javascript did work).  As a result, a checking in PHP itself (not just
+ javascript) should be present prior to insertion to make sure that recurinterval
+ is really NOT empty.

More information about the bugs mailing list