Question

Are there any known points to be careful about buffer overruns in PHP? Currently I take an email address from a form, run it through preg_match to check it's only a single address, call the mail function with it, and store another load of form data in a database using PDOStatement::bindValue().

Anything to worry about?


Solution

If you are asking if it's possible to write code in PHP that contains buffer overflow vulnerabilities, then the answer is no. You can't have those in PHP; it manages the memory for you, and you can't directly alter the memory. The only scenario is that PHP itself has a (security) bug, which you can mitigate by keeping PHP up to date.

Other tips

In addition to using preg_match to check for proper formatting, I wouldn't do anything with user input without checking its length first. I could probably come up with a 10,000 character string that would pass a simple formatting check.
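The two answers above amount to one pattern: bound the input length before any pattern check, reject anything that is not a single address, and hand the other fields to PDO only through bound parameters. The following is an added example written for this page, not code from the question or the answers; it uses `filter_var` in place of the asker's regex, and `$pdo`, the `submissions` table and its columns are assumed for illustration.

```php
<?php
// Added example (not from the original question or answers): length-check the
// submitted address before any pattern check, make sure it is a single
// header-safe address, then send the mail and store the remaining form data
// through bound PDO parameters. $pdo and the table/column names are assumed.

const MAX_EMAIL_LENGTH = 254; // practical upper bound for one address (RFC 5321 path limit)
const MAX_COMMENT_LENGTH = 2000;

function validateSingleEmail(string $raw): ?string
{
    $email = trim($raw);

    // Reject empty or oversized input before running any validation on it,
    // so a huge string never reaches the regex engine or the mailer.
    if ($email === '' || strlen($email) > MAX_EMAIL_LENGTH) {
        return null;
    }

    // A CR/LF inside the address would let the caller inject extra mail
    // headers; reject it explicitly rather than relying on the format check.
    if (preg_match('/[\r\n]/', $email) === 1) {
        return null;
    }

    // One syntactically valid address, nothing else.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $email;
}

function storeSubmission(PDO $pdo, string $email, string $comment): void
{
    // Bound the other form field as well; the database column will enforce
    // its own limit, but truncating here keeps the error path predictable.
    $comment = mb_substr($comment, 0, MAX_COMMENT_LENGTH);

    $stmt = $pdo->prepare('INSERT INTO submissions (email, comment) VALUES (:email, :comment)');
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->bindValue(':comment', $comment, PDO::PARAM_STR);
    $stmt->execute();
}

$email = validateSingleEmail((string)($_POST['email'] ?? ''));
if ($email === null) {
    http_response_code(400);
    exit('Invalid email address');
}

// mail() only ever sees the validated address; the subject and body are fixed.
mail($email, 'Thanks for your submission', 'We received your form.');
storeSubmission($pdo, $email, (string)($_POST['comment'] ?? ''));
```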

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow