Bug #53323 pdo_firebird getAttribute() crash
Submitted: 2010-11-16 17:44 UTC
Modified: 2010-11-16 22:04 UTC
From: preeves at ibphoenix dot com
Assigned: felipe
Status: Closed
Package: PDO related
PHP Version: 5.3.3
OS:
Private report: No
CVE-ID: None
 [2010-11-16 17:44 UTC] preeves at ibphoenix dot com
Description:
------------
There is a bug and a few omissions in firebird_handle_get_attribute.

Most significantly, it declares tmp[200], which is used to store the server
version. Unfortunately, a typical server version string is now over 300 bytes
long. So this call just blows the driver out of the water and leaves this error
in the Apache log:

*** stack smashing detected ***: /usr/sbin/httpd2-prefork terminated
[Tue Nov 16 13:42:53 2010] [notice] child pid 11656 exit signal Segmentation fault (11)

and the user is left staring at a server timeout error in the browser. This is
easily fixed by declaring tmp[] to be larger.

Less seriously, these attributes are not handled:

  PDO_ATTR_PREFETCH,
  PDO_ATTR_TIMEOUT,
  PDO_ATTR_FETCH_TABLE_NAMES

so if they are called outside a try..catch then the call will fail badly. It 
is not obvious that a try..catch should be required so it is probably better 
to just handle these cases in the driver.

I've attached a patch which fixes all of these issues.


Patches

php-5.3.3-pdo_firebird_driver_attributes.patch (last revision 2010-11-16 16:45 UTC by preeves at ibphoenix dot com)
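
As an added illustration (not code from the PHP source or from the attached patch): a bounded way to collect a multi-line version string into a fixed buffer, so that input longer than the buffer is truncated and flagged instead of overrunning the stack. The names `ver_buf`, `ver_append` and `collect_version` are hypothetical, and the 323-byte input is constructed to match the "over 300 bytes" case in the description.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical accumulator (not pdo_firebird's own type). */
struct ver_buf {
    char  *dst;
    size_t cap;        /* bytes available in dst, including the NUL */
    size_t len;        /* bytes used so far, excluding the NUL */
    int    truncated;  /* set when some input did not fit */
};

/* Append one line, space-separated, never writing past dst[cap - 1]. */
static void ver_append(struct ver_buf *b, const char *line)
{
    size_t room, n;

    if (!b || !b->dst || !b->cap || !line) return;
    if (b->len > 0 && b->len + 1 < b->cap)
        b->dst[b->len++] = ' ';
    room = b->cap - 1 - b->len;
    n = strlen(line);
    if (n > room) {            /* clamp instead of overrunning */
        n = room;
        b->truncated = 1;
    }
    memcpy(b->dst + b->len, line, n);
    b->len += n;
    b->dst[b->len] = '\0';
}

/* Constructed input: four 80-byte lines, 323 bytes once joined, standing in
 * for the "over 300 bytes" version string. Returns the stored length. */
static size_t collect_version(char *out, size_t cap, int *truncated)
{
    char line[81] = {0};
    struct ver_buf b = { out, cap, 0, 0 };

    memset(line, 'V', 80);
    for (int i = 0; i < 4; i++)
        ver_append(&b, line);
    *truncated = b.truncated;
    return b.len;
}

int main(void)
{
    char tmp[200];             /* same size as the buffer in the report */
    int cut;
    size_t n = collect_version(tmp, sizeof tmp, &cut);
    printf("stored %zu bytes, truncated=%d\n", n, cut);
}
```

With the 200-byte buffer the result is cut at 199 bytes and `truncated` is set; a larger buffer holds the whole string, and the same code stays safe if the string grows again.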

History

 [2010-11-16 22:02 UTC] felipe@php.net
Automatic comment from SVN on behalf of felipe
Revision: http://svn.php.net/viewvc/?view=revision&revision=305416
Log: - Fixed bug #53323 (pdo_firebird getAttribute() crash)
  patch by: preeves at ibphoenix dot com
 [2010-11-16 22:04 UTC] felipe@php.net
-Summary: Some calls to pdo_firebird getAttribute crash
+Summary: pdo_firebird getAttribute() crash
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: felipe
 [2010-11-16 22:04 UTC] felipe@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Thanks for the patch!

I've modified the patch a bit: I removed the lines adding PDO_ATTR_PREFETCH and PDO_ATTR_TIMEOUT, as this is not a pdo_firebird problem, but the way the PDO drivers work.
 
Last updated: Sat Dec 21 12:01:31 2024 UTC