x87 FPU PHP bug causes infinite loop - affected websites vulnerable to DoS via PHP $_GET input (2.2250738585072011e-308)

tl;dr: PHP Bug #53632 may be used for a DoS attack.

PHP compiles by default with x87 math. The x87 FPU is deprecated and has been replaced by SSE.

The old GCC bug 323 (a feature request) causes PHP to hang on the numeric value 2.2250738585072011e-308.

The x87 FPU PHP Bug #53632 poses serious DoS security risks, as many websites run on servers with PHP compiled with default CFLAGS.

To DoS an affected website, all an attacker has to do is send the numeric value 2.2250738585072011e-308 in a parameter that PHP reads through $_GET, the superglobal that collects values from a form sent with method="get". The server will try to interpret 2.2250738585072011e-308 as a number and enter an infinite loop, which will eat all available system resources and lock the PHP process.

For example, DoS on affected Drupal powered website: http://www.vedetta.com/node/2.2250738585072011e-308

To fix this, PHP must be compiled with the following CFLAGS: -mfpmath=sse (use SSE, disable x87 FPU)
[edit] Patch: Fixed Bug #53632 (infinite loop with x87 fpu). (Scott, Rasmus)
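
A local self-check for confirming that a rebuilt or patched PHP binary no longer hangs on this value. This is an added example, not code from the PHP project or the original post; it assumes GNU coreutils `timeout` is available, and the names `php_float_check`, `CHECK_TIMEOUT` and `PHP_BIN` are hypothetical.

```shell
#!/bin/sh
# Added example: local self-check for PHP Bug #53632 (not from the original page).
# Assumptions: GNU coreutils `timeout` is installed; php_float_check,
# CHECK_TIMEOUT and PHP_BIN are hypothetical names chosen for this example.

TRIGGER='2.2250738585072011e-308'   # the value quoted on the page

# php_float_check PHP_BINARY
#   returns 0 = conversion finished, build is not affected
#           1 = conversion did not finish within the limit, build is affected
#           2 = inconclusive (binary missing, or PHP exited with an error)
php_float_check() {
    php_bin=$1
    limit=${CHECK_TIMEOUT:-5}      # seconds before the run counts as a hang

    if ! command -v "$php_bin" >/dev/null 2>&1; then
        echo "inconclusive: '$php_bin' not found" >&2
        return 2
    fi

    # -n skips php.ini so local settings cannot influence the result.
    # The value is passed as a string and cast to float, the same
    # string-to-number conversion that request input goes through.
    # -k 1 sends SIGKILL one second later if SIGTERM is ignored.
    timeout -k 1 "$limit" "$php_bin" -n -r 'var_dump((float)$argv[1]);' \
        -- "$TRIGGER" >/dev/null 2>&1
    status=$?

    case $status in
        0)       echo "ok: $php_bin converted $TRIGGER"; return 0 ;;
        124|137) echo "AFFECTED: $php_bin hung for ${limit}s on $TRIGGER"
                 return 1 ;;
        *)       echo "inconclusive: $php_bin exited with $status" >&2
                 return 2 ;;
    esac
}

# Check the binary named in PHP_BIN when the variable is set.
if [ -n "${PHP_BIN:-}" ]; then
    php_float_check "$PHP_BIN"
fi
```

Run it against every PHP binary the web server can invoke (CLI, CGI and FPM builds may come from different compiles), since a return value of 1 means that build still needs the patch or the SSE flags.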

x87 vs. SSE

Interview with William Kahan, mathematician and computer scientist involved in designing the 8087 math coprocessor

Java Runtime and Compiler can be sent into an infinite loop in a similar fashion: http://www.exploringbinary.com/java-hangs-when-converting-2-225073858507...

Oracle Security Alert with a fix (Java SE Floating Point Updater Tool) for the vulnerability CVE-2010-4476: http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-30...