Bug #37886 oci_connect crashes php when charset-parameter is given
Submitted: 2006-06-22 11:59 UTC Modified: 2006-06-23 08:26 UTC
From: j dot henge-ernst at interexa dot de Assigned:
Status: Closed Package: OCI8 related
PHP Version: 5.1.4 OS: linux
Private report: No CVE-ID: None

 [2006-06-22 11:59 UTC] j dot henge-ernst at interexa dot de
Description:
------------
php crashes if the fourth/charset parameter is given to oci_connect or oci_new_connect. Problem seems to be line 990 in oci8.c.
Problem occurs also if ZendDebugger is not activated. Error occurs also in older versions 5.0.5

Reproduce code:
---------------
<?php
  $c=oci_new_connect("XXXXXXXX", "XXXXXXXX", "XXXXXXX.XXXXXXX.XXX.XXXXXXXXXX", 'AMERICAN_AMERICA.WE8ISO8859P15');


Actual result:
--------------
#0  0x0000002a95ea4ef2 in __pause_nocancel () from /lib64/tls/libpthread.so.0
#1  0x0000002a9a426c0c in zend_oe () from /usr/local/Zend/Core/lib/zend/optimizer/php-5.1.x/ZendOptimizer.so
#2  <signal handler called>
#3  0x0000002a96121af5 in memcpy () from /lib64/tls/libc.so.6
#4  0x0000000000000031 in ?? ()
#5  0x0000002a985c5e83 in php_oci_do_connect_ex (username=0x986418 "XXXXXXXX", username_len=8, password=0x986978 "XXXXXXXX", password_len=8, new_password=0x0, new_password_len=0, dbname=0x986088 "OPRISKT.XXXXXXXXXXXXXXXXXXXXXX", dbname_len=30, charset=0x9bacc8 "AMERICAN_AMERICA.WE8ISO8859P15", session_mode=0, persistent=0, exclusive=0) at /root/oci8/oci8.c:990
#6  0x0000002a985c71de in php_oci_do_connect (ht=<value optimized out>, return_value=0x9b4078, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>, persistent=0, exclusive=1380273473) at /root/oci8/oci8.c:942
#7  0x0000002a985cfc33 in zif_oci_connect (ht=<value optimized out>, return_value=<value optimized out>, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>, return_value_used=<value optimized out>) at /root/oci8/oci8_interface.c:1528

line 990 in oci8.c is:
        if (charset && *charset) {
                smart_str_appends_ex(&hashed_details, charset, 1);
        }
which then uses the macro from ./ext/standard/php_smart_str.h where the memcpy is called


 [2006-06-22 18:53 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip


 [2006-06-23 07:49 UTC] j dot henge-ernst at interexa dot de
Still the same with the latest snapshot

Starting program: /root/src/php5.2-200606230630/sapi/cli/php test.php
[Thread debugging using libthread_db enabled]
[New Thread 182929799936 (LWP 13713)]
*** glibc detected *** realloc(): invalid pointer: 0x00000000007b4378 ***

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 182929799936 (LWP 13713)]
0x0000002a97006af5 in memcpy () from /lib64/tls/libc.so.6
(gdb) where
#0  0x0000002a97006af5 in memcpy () from /lib64/tls/libc.so.6
#1  0x0000000000000031 in ?? ()
#2  0x0000000000440fdd in php_oci_do_connect_ex (username=0x7cc238 "XXXXXXXX", username_len=8, password=0x7cc268 "XXXXXXXX", password_len=8, new_password=0x0, new_password_len=0,
    dbname=0x7cc2b8 "XXXXXXX.XXXXXXX.XXX.XXXXXXXXXX", dbname_len=30, charset=0x7b42f8 "AMERICAN_AMERICA.WE8ISO8859P15", session_mode=0, persistent=0, exclusive=1)
    at /root/src/php5.2-200606230630/ext/oci8/oci8.c:995
#3  0x000000000044235c in php_oci_do_connect (ht=<value optimized out>, return_value=0x7b4338, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>,
    return_value_used=<value optimized out>, persistent=0, exclusive=1380273473) at /root/src/php5.2-200606230630/ext/oci8/oci8.c:947
#4  0x000000000044aa23 in zif_oci_new_connect (ht=<value optimized out>, return_value=<value optimized out>, return_value_ptr=<value optimized out>, this_ptr=<value optimized out>,
    return_value_used=<value optimized out>) at /root/src/php5.2-200606230630/ext/oci8/oci8_interface.c:1520
#5  0x0000000000519c73 in zend_do_fcall_common_helper_SPEC (execute_data=dwarf2_read_address: Corrupted DWARF expression.
) at zend_vm_execute.h:200
#6  0x00000000005683bc in execute (op_array=0x7cc128) at zend_vm_execute.h:92
#7  0x00000000004fac91 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/src/php5.2-200606230630/Zend/zend.c:1110
#8  0x00000000004bfed5 in php_execute_script (primary_file=0x7fbffff1c0) at /root/src/php5.2-200606230630/main/main.c:1748
#9  0x00000000005698d4 in main (argc=2, argv=0x7fbffff338) at /root/src/php5.2-200606230630/sapi/cli/php_cli.c:1097
 [2006-06-23 08:09 UTC] tony2001@php.net
Works just fine here.
What if you change line 995 to this:
smart_str_appends_ex(&hashed_details, charset, 0);

?
 [2006-06-23 08:10 UTC] tony2001@php.net
And don't forget to disable ALL zend_extension's.
 [2006-06-23 08:18 UTC] j dot henge-ernst at interexa dot de
Changing line 995 as given solves the problem and gives the correct output:

Warning: oci_new_connect(): ORA-12154: TNS:could not resolve the connect identifier specified in /root/src/php5.2-200606230630/test.php on line 3

The system is a SuSE Linux Enterprise Server 9 64bit with Oracle 10g.

The Zend extensions have not been used when testing the latest snapshot.
 [2006-06-23 08:26 UTC] tony2001@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
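
Why the last argument matters, as an added example that is not code from PHP or from this report: the glibc `realloc(): invalid pointer` message and the fix of changing the flag from 1 to 0 are consistent with a buffer started under one allocator being grown under another. The `tstr` type, `req_realloc`, the `conn:` prefix and the assumption that the earlier appends used flag 0 are constructed for illustration; the append here refuses the mismatch instead of crashing.

```c
#include <stdlib.h>
#include <string.h>

/* Toy model, not PHP source: the "request" allocator hides a header in front
   of the pointer it returns, so that pointer must never reach libc realloc(). */
typedef struct { size_t magic, size; } req_hdr;

static void *req_realloc(void *p, size_t n) {
    req_hdr *h = p ? (req_hdr *)p - 1 : NULL;
    h = realloc(h, sizeof *h + n);
    if (!h) return NULL;
    h->magic = 0x5a4d4d; h->size = n;
    return h + 1;
}

typedef struct { char *c; size_t len, cap; int persistent; } tstr;

/* Append n bytes; 0 on success, -1 on allocator mismatch or out of memory. */
int tstr_append(tstr *s, const char *src, size_t n, int persistent) {
    if (s->c && s->persistent != persistent)
        return -1;                 /* would hand a foreign pointer to realloc() */
    if (s->len + n + 1 > s->cap) {
        size_t cap = 2 * (s->len + n + 1);
        char *p = persistent ? realloc(s->c, cap) : req_realloc(s->c, cap);
        if (!p) return -1;
        s->c = p; s->cap = cap;
    }
    s->persistent = persistent;    /* first append decides the owner */
    memcpy(s->c + s->len, src, n);
    s->len += n;
    s->c[s->len] = '\0';
    return 0;
}

void tstr_free(tstr *s) {
    if (s->c) free(s->persistent ? (void *)s->c : (void *)((req_hdr *)s->c - 1));
    memset(s, 0, sizeof *s);
}

/* Constructed sequence: prefix appended with flag 0 (assumption), then the
   charset with charset_flag. Returns the key length, or -1 if rejected. */
long build_key(const char *charset, int charset_flag) {
    tstr s = {0};
    long len = -1;
    if (tstr_append(&s, "conn:", 5, 0) == 0 &&
        tstr_append(&s, charset, strlen(charset), charset_flag) == 0)
        len = (long)s.len;
    tstr_free(&s);
    return len;
}

int main(void) { return build_key("AMERICAN_AMERICA.WE8ISO8859P15", 1) == -1 ? 0 : 1; }
```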


 