PHP :: Bug #37886 :: oci_connect crashes php when charset-parameter is given

Bug #37886	oci_connect crashes php when charset-parameter is given
Submitted:	2006-06-22 11:59 UTC	Modified:	2006-06-23 08:26 UTC
From:	j dot henge-ernst at interexa dot de	Assigned:
Status:	Closed	Package:	OCI8 related
PHP Version:	5.1.4	OS:	linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2006-06-22 11:59 UTC] j dot henge-ernst at interexa dot de

Description:
------------
php crashes if the fourth/charset parameter is given to oc_connect or oci_new_connect. Problem seems to be line 990 in oci8.c
Problem occurs also if ZendDebugger is not activated. Error occurs also in older versions 5.0.5

Reproduce code:
---------------
<?php
  $c=oci_new_connect("XXXXXXXX", "XXXXXXXX", "XXXXXXX.XXXXXXX.XXX.XXXXXXXXXX", 'AMERICAN_AMERICA.WE8ISO8859P15');


Actual result:
--------------
#0  0x0000002a95ea4ef2 in __pause_nocancel () from /lib64/tls/libpthread.so.0
#1  0x0000002a9a426c0c in zend_oe () from /usr/local/Zend/Core/lib/zend/optimizer/php-5.1.x/ZendOptimizer.so
#2  <signal handler called>
#3  0x0000002a96121af5 in memcpy () from /lib64/tls/libc.so.6
#4  0x0000000000000031 in ?? ()
#5  0x0000002a985c5e83 in php_oci_do_connect_ex (username=0x986418 "XXXXXXXX", username_len=8, password=0x986978 "XXXXXXXX", password_len=8, new_password=0x0, new_password_len=0, dbname=0x986088 "OPRISKT.XXXXXXXXXXXXXXXXXXXXXX", dbname_len=30, charset=0x9bacc8 "AMERICAN_AMERICA.WE8ISO8859P15", session_mode=0, persistent=0, exclusive=0) at /root/oci8/oci8.c:990
#6  0x0000002a985c71de in php_oci_do_connect (ht=<value optimized out>, return_value=0x9b4078, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>, persistent=0, exclusive=1380273473) at /root/oci8/oci8.c:942
#7  0x0000002a985cfc33 in zif_oci_connect (ht=<value optimized out>, return_value=<value optimized out>, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>) at /root/oci8/oci8_interface.c:1528

line 990 in oci8.c is:
        if (charset && *charset) {
                        smart_str_appends_ex(&hashed_details, charset, 1);
        }
which then  uses the macro from ./ext/standard/php_smart_str.h where the memcopy is called

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-06-22 18:53 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

[2006-06-23 07:49 UTC] j dot henge-ernst at interexa dot de

Still the same with the lastest snapshot

Starting program: /root/src/php5.2-200606230630/sapi/cli/php test.php
[Thread debugging using libthread_db enabled]
[New Thread 182929799936 (LWP 13713)]
*** glibc detected *** realloc(): invalid pointer: 0x00000000007b4378 ***

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 182929799936 (LWP 13713)]
0x0000002a97006af5 in memcpy () from /lib64/tls/libc.so.6
(gdb) where
#0  0x0000002a97006af5 in memcpy () from /lib64/tls/libc.so.6
#1  0x0000000000000031 in ?? ()
#2  0x0000000000440fdd in php_oci_do_connect_ex (username=0x7cc238 "XXXXXXXX", username_len=8, password=0x7cc268 "XXXXXXXX", password_len=8, new_password=0x0, new_password_len=0,
    dbname=0x7cc2b8 "XXXXXXX.XXXXXXX.XXX.XXXXXXXXXX", dbname_len=30, charset=0x7b42f8 "AMERICAN_AMERICA.WE8ISO8859P15", session_mode=0, persistent=0, exclusive=1)
    at /root/src/php5.2-200606230630/ext/oci8/oci8.c:995
#3  0x000000000044235c in php_oci_do_connect (ht=<value optimized out>, return_value=0x7b4338, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>,
    return_value_used=<value optimized out>, persistent=0, exclusive=1380273473) at /root/src/php5.2-200606230630/ext/oci8/oci8.c:947
#4  0x000000000044aa23 in zif_oci_new_connect (ht=<value optimized out>, return_value=<value optimized out>, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>,
    return_value_used=<value optimized out>) at /root/src/php5.2-200606230630/ext/oci8/oci8_interface.c:1520
#5  0x0000000000519c73 in zend_do_fcall_common_helper_SPEC (execute_data=dwarf2_read_address: Corrupted DWARF expression.
) at zend_vm_execute.h:200
#6  0x00000000005683bc in execute (op_array=0x7cc128) at zend_vm_execute.h:92
#7  0x00000000004fac91 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/src/php5.2-200606230630/Zend/zend.c:1110
#8  0x00000000004bfed5 in php_execute_script (primary_file=0x7fbffff1c0) at /root/src/php5.2-200606230630/main/main.c:1748
#9  0x00000000005698d4 in main (argc=2, argv=0x7fbffff338) at /root/src/php5.2-200606230630/sapi/cli/php_cli.c:1097

[2006-06-23 08:09 UTC] tony2001@php.net

Works just fine here.
What if you change line 995 to this:
smart_str_appends_ex(&hashed_details, charset, 0);

?

[2006-06-23 08:10 UTC] tony2001@php.net

And don't forget to disable ALL zend_extension's.

[2006-06-23 08:18 UTC] j dot henge-ernst at interexa dot de

changing line 995 as given solves the problem and gives the correct output

Warning: oci_new_connect(): ORA-12154: TNS:could not resolve the connect identifier specified in /root/src/php5.2-200606230630/test.php on line 3

The System is a SuSE Linux EenterpriseServer 9 64bit with Oracle 10g

The zendextensions have not been used when testing the latest snapshot

[2006-06-23 08:26 UTC] tony2001@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Nov 28 01:00:01 2025 UTC