REPORT: Potentially "Fatal Flaw" in SMF's bbcode parser

dcmouser · August 31, 2015, 11:56:23 PM

Great work, dougie.

dougiefresh · September 01, 2015, 04:37:15 PM

Quote from: Joshua Dickerson on August 22, 2015, 04:42:21 AM
I don't have an SMF install right now, but should this line us " instead of "?
Code Select Expand
$tpos += ($pos1 = strpos(substr($message, $tpos), '"'));

Hmmmm..... That's a good question. Let me test and see....

Quote from: dcmouser on August 31, 2015, 11:56:23 PM
Great work, dougie.

Thanks....

dougiefresh · September 04, 2015, 09:07:12 AM

UPDATE: The nightly version of SMF 2.1 Beta 2 has addressed this issue so that memory issues as described in the first post cannot crash the forum in this way....

Joshua Dickerson · September 04, 2015, 03:46:22 PM

In testing of your function, it takes about ~18% more time for the most common usages (<4 parameters). With more parameters, your implementation might be faster but there's no default BBC that has 4+ parameters and I doubt there are many mod BBC that have that. So, I think the best implementation is the one that is currently used.

Joshua Dickerson · September 04, 2015, 03:48:37 PM

In testing, I did find a bug though.

Test

Code Select

<img src="http://avatars.simplemachinesweb.com/smf/avatar_23_1337883444.png" alt="Test height=100" width="100" class="bbc_img resized" style="cursor: pointer;">

News:

REPORT: Potentially "Fatal Flaw" in SMF's bbcode parser

dcmouser

dougiefresh

dougiefresh

Joshua Dickerson

Joshua Dickerson