PHP :: Bug #34884 :: Changing ini value sqlite.assoc_case to 1 or 2 produces a segmentation fault.

Bug #34884

Changing ini value sqlite.assoc_case to 1 or 2 produces a segmentation fault.

Submitted:

2005-10-16 16:11 UTC

Modified:

2005-10-17 17:29 UTC

Votes:	3
Avg. Score:	4.0 ± 1.4
Reproduced:	3 of 3 (100.0%)
Same Version:	3 (100.0%)
Same OS:	2 (66.7%)

From:

oancea at gmail dot com

Assigned:

iliaa (profile)

Status:

Closed

Package:

SQLite related

PHP Version:

5.1.0RC1

OS:

Mandriva Linux 2006

Private report:

CVE-ID:

None

View Developer Edit

[2005-10-16 16:11 UTC] oancea at gmail dot com

Description:
------------
When changing the value of the ini setting sqlite.assoc_case to 1 or 2 causes a php crash.

Tested with php 5.0.4, php 5.0.5 and php 5.1.0RC1 on Mandriva Linux 2006.

Reproduce code:
---------------
<?php
if (is_file('test.db')) unlink ('test.db');

ini_set('sqlite.assoc_case', 1); // with 2 is the same thing

$query=<<<sql
    CREATE TABLE authors (
        id INTEGER PRIMARY KEY,
        name VARCHAR(100),
        email VARCHAR(150)
    );
sql;

$db= sqlite_open('test.db');

sqlite_query($db, $query);

$_query="PRAGMA table_info(authors)";

$rs= sqlite_query($db, $_query);

// if the last line is replaced by 
// sqlite_query($db, $_query); 
// will work without seg. fault, 
// but the is no use to do that, since we have to process the result set.


Expected result:
----------------
Not a Segmentation fault anyway.

Actual result:
--------------
(gdb) run sqlite.php
Starting program: /wwwroot/bin/php sqlite.php
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xffffe000
[Thread debugging using libthread_db enabled]
[New Thread -1216205984 (LWP 31099)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1216205984 (LWP 31099)]
0x0821434f in php_sqlite_fetch (rres=0x87c5460, tsrm_ls=0x8636018) at /home/aurelian/src/php-5.1.0RC1/ext/sqlite/sqlite.c:90
90                      *s = tolower(*s);
(gdb) bt
#0  0x0821434f in php_sqlite_fetch (rres=0x87c5460, tsrm_ls=0x8636018) at /home/aurelian/src/php-5.1.0RC1/ext/sqlite/sqlite.c:90
#1  0x08214522 in sqlite_query (object=0x0, db=0x87c4eb8, sql=0x87c5f98 "PRAGMA table_info(authors)", sql_len=26, mode=99, buffered=1,
    return_value=0x87c5fe8, prres=0xbffcdd18, tsrm_ls=0x8636018) at /home/aurelian/src/php-5.1.0RC1/ext/sqlite/sqlite.c:1558
#2  0x082148d4 in zif_sqlite_query (ht=2, return_value=0x87c5fe8, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, tsrm_ls=0x8636018)
    at /home/aurelian/src/php-5.1.0RC1/ext/sqlite/sqlite.c:1740
#3  0x08346c7d in zend_do_fcall_common_helper_SPEC (execute_data=0xbffcdf4c, tsrm_ls=0x8636018)
    at /home/aurelian/src/php-5.1.0RC1/Zend/zend_vm_execute.h:184
#4  0x083461d9 in execute (op_array=0x87c20d8, tsrm_ls=0x8636018) at /home/aurelian/src/php-5.1.0RC1/Zend/zend_vm_execute.h:87
#5  0x08321777 in zend_execute_scripts (type=8, tsrm_ls=0x8636018, retval=Variable "retval" is not available.
) at /home/aurelian/src/php-5.1.0RC1/Zend/zend.c:1078
#6  0x082e04fa in php_execute_script (primary_file=0xbffd034c, tsrm_ls=0x8636018) at /home/aurelian/src/php-5.1.0RC1/main/main.c:1672
#7  0x083c9e9b in main (argc=2, argv=0xbffd0424) at /home/aurelian/src/php-5.1.0RC1/sapi/cli/php_cli.c:1039

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-10-17 17:29 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Mar 04 06:01:27 2025 UTC