PHP :: Bug #36363 :: php gets segv in _php_stream

Bug #36363

php gets segv in _php_stream_read/memcpy

Submitted:

2006-02-11 00:25 UTC

Modified:

2006-02-19 01:00 UTC

Votes:	1
Avg. Score:	4.0 ± 0.0
Reproduced:	0 of 1 (0.0%)

From:

holgerk44 at freenet dot de

Assigned:

Status:

No Feedback

Package:

Reproducible crash

PHP Version:

5.1.2

OS:

RHEL 4

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	holgerk44 at freenet dot de
New email:
PHP Version:		OS:

New Comment:

[2006-02-11 00:25 UTC] holgerk44 at freenet dot de

Description:
------------
trying to read large database objects (>64K) via PDO from an informix database via a stream causes a crash of the php executable 


Reproduce code:
---------------
$query=$dbh->query("select * from large ");
$row=$query->fetch(PDO::FETCH_ASSOC);
while ( $row ) {
        $file = fopen ("/tmp/large.photo.$count","w");
        $test=fread($row["PHOTO"],20000);
        while($test) {
                fwrite ( $file, $test) ;
                $test=fread($row["PHOTO"],20000);
        }
        fclose ( $file);
}



Expected result:
----------------
an error in case of misprogramming.

Actual result:
--------------
#0  0x007933dc in memcpy () from /lib/tls/libc.so.6
#1  0x081db395 in _php_stream_read (stream=0x97a4ffd, buf=0x9794d3d "",
    size=3219790640)
    at /home/php/main/streams/streams.c:618
#2  0x08180fa3 in zif_fread (ht=2, return_value=0x9760b6c,
    return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /home/php/ext/standard/file.c:1811
#3  0x082192ec in zend_do_fcall_common_helper_SPEC (execute_data=0xbfeaa650)
    at /home/php/Zend/zend_vm_execute.h:192

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-02-11 01:47 UTC] pajoye@php.net

It should not segfault but I think you misuse fread. I suppose your "photo" field is a binary object containing images? Then simply use file_put_contents to store them back to the filesystem.

As a sidenote, use error_reporting(E_ALL) in you script.

[2006-02-11 13:21 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.1-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.1-win32-latest.zip

[2006-02-19 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Dec 04 15:00:01 2025 UTC