my understanding based on all of the speculation i have read was that something in PHP itself (or possibly some very widely used function in PHP), eg parsing of HTTP headers, was calling the affected function in such a way that could be controlled by a user, rather than if you are using some very obscure feature of PHP in a risky way then you were affected
so far though all the information we have is someone trying to get some attention for their conference and then speculation based on that
2
Answers
Even if you don’t call it directly, it might be called indirectly by library functions that you call.
See how to identify all libc calls at compile time? for how you can determine if your application calls a specific function in libc.
my understanding based on all of the speculation i have read was that something in PHP itself (or possibly some very widely used function in PHP), eg parsing of HTTP headers, was calling the affected function in such a way that could be controlled by a user, rather than if you are using some very obscure feature of PHP in a risky way then you were affected
so far though all the information we have is someone trying to get some attention for their conference and then speculation based on that