PHP :: Bug #1103 :: segfault in dbmfetch() or dbmfirstkey)(

Bug #1103	segfault in dbmfetch() or dbmfirstkey)(
Submitted:	1999-01-29 21:06 UTC	Modified:	1999-10-03 23:03 UTC
From:	morrilie at hotmail dot com	Assigned:	jah (profile)
Status:	Closed	Package:	DBM/DBA related
PHP Version:	3.0.6	OS:	linux 2.0.36
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	morrilie at hotmail dot com
New email:
PHP Version:		OS:

New Comment:

[1999-01-29 21:06 UTC] morrilie at hotmail dot com

The problem: segfaults in dbmfetch() and dbmfirstkey().

dbmopen(), dbmclose(), dbminsert() work fine.

when running php from a shell script all is ok. Problem appears only when
running php from commandline or as apache module.
Sample script:
#!/bin/sh
php -f 003.php3t

That's all. Same command on the cli causes segfault.

php 3.0.6
apache 1.3.4
linux 2.0.36
gdbm 1.7.3

backtrace:

#0 php3_dbmfetch(ht=0x80f93a8, return_value=0x80c745c,
   list=0x80e8920, plist=0x80e88f4) at functions/db.c:617
#1 phpparse() at control_functions_inline.h:930
#2 php3_parse(yyparse=0x80f3998) at main.c:1474
#3 main(...) at main.c:1782
#4 ___crt_dummy___ ()

Return_value, which is a pointer, has some
small value , and writing results of the operation at functions/db.c:617
causes segfaults. I encountered values 0x5 0x6 0x1d.

Just looked at *list. (it is a hashtable) - it has ridiculous fields!
nTableSize = 1936287828 and others not differ much.
*plist seems to make sense
*ht - nonsense

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[1999-10-03 23:03 UTC] jah at cvs dot php dot net

This seems to be a bug in gcc (at least in version 2.7.2).  If you want to
test it, compile the following code with gcc 2.7.2 both with -fomit-frame-pointer
and without. With -fomit-frame-pointer, it will segfault. At least on my
Linux box.

#include <stdio.h>
#include <gdbm.h>
 
int main(int argc, char **argv) {
  GDBM_FILE db;
  datum key, val;
  char* keystr = "key";
  char* valstr = "value";
 
  key.dptr = keystr;
  key.dsize = 3;
  val.dptr = valstr;
  val.dsize = 5;
 
  if ((db = gdbm_open("destroyme", 512, GDBM_WRCREAT, 0666, NULL)) != NULL) {
    if (!gdbm_store(db, key, val, GDBM_REPLACE)) {
      val = gdbm_fetch(db, key);
      printf("%u %s\n", val.dsize, val.dptr);
      gdbm_close(db);
      return 0;
    }
    printf("Couldn't store key!\n");
    gdbm_close(db);
    return 2;
  }
  printf("Couldn't open db!\n");
  return 1;
}

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 31 06:00:01 2025 UTC