php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57204 sqlite_escape_string tries to consume infinite memory
Submitted: 2006-08-29 17:29 UTC Modified: 2006-10-11 20:17 UTC
From: jose at psabs dot com dot br Assigned:
Status: Closed Package: SQLite (PECL)
PHP Version: 4.4.1 OS: Linux amd64
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jose at psabs dot com dot br
New email:
PHP Version: OS:

 

 [2006-08-29 17:29 UTC] jose at psabs dot com dot br
Description:
------------
On amd64 the sqlite_escape_string function is faulty and causes PHP to
kill the script due to PHP's internal memory limit being reached.

There was a patch to solve this bug,  look at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361605
for more information.


An example script that reproduces this problem is:

<?php
echo sqlite_escape_string("a");
?>

Running this script will result in an error message such as:

Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to
allocate -1969234011 bytes) in /var/www/test.php on line 2

The string passed to sqlite_escape_string and the value of the PHP
memory limit do not effect the behaviour of the bug. The number of bytes
attempted to allocate seems completely bogus.

php5-sqlite (linked against the same libsqlite0) is not affected and
neither is php4-sqlite on i386.

This bug is currently breaking the PHPwiki package on amd64 systems.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-10-11 20:17 UTC] ilia at prohost dot org
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 16:01:28 2024 UTC