Bug #66071 memory corruption in error handling / isc_interprete is unsafe
Submitted: 2013-11-09 07:02 UTC Modified: 2014-04-08 11:15 UTC
From: slavb18 at gmail dot com Assigned: mariuz (profile)
Status: Closed Package: PDO Firebird
PHP Version: 5.4.21 OS: any
Private report: No CVE-ID: None
 [2013-11-09 07:02 UTC] slavb18 at gmail dot com
Description:
------------
isc_interprete is unsafe, it should be replaced with fb_interpret

Test script:
---------------
CREATE EXCEPTION D_ACCESS_DENIED 'access denied';
create or alter procedure testex2
returns (
    a integer)
as
begin
  exception D_ACCESS_DENIED 'YXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
  a=1;
  suspend;
end

// $pdo is an already-open PDO connection to the Firebird database that holds testex2
$q = "select * from testex2";
$sth = $pdo->prepare($q);
$sth->execute();
$row = $sth->fetch(PDO::FETCH_ASSOC);
print_r($row);

Expected result:
----------------
 Uncaught exception 'PDOException' with message 'SQLSTATE[HY000]: General error: -836 exception 2 D_ACCESS_DENIED YXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ' 

Actual result:
--------------
*** stack smashing detected ***: php terminated
======= Backtrace: =========
/lib64/libc.so.6(+0x7410f)[0x7fa80dc6410f]
/lib64/libc.so.6(__fortify_fail+0x37)[0x7fa80dce8657]
/lib64/libc.so.6(__fortify_fail+0x0)[0x7fa80dce8620]
/usr/lib64/php5/extensions/pdo_firebird.so(+0x28ee)[0x7fa807c188ee]
/usr/lib64/php5/extensions/pdo.so(+0xa5be)[0x7fa807e275be]
/usr/lib64/php5/extensions/pdo.so(+0x14855)[0x7fa807e31855]
php(+0x6cdcbc)[0x7fa80f9cecbc]
php(execute+0x1e7)[0x7fa80f939367]
php(zend_execute_scripts+0x182)[0x7fa80f90ff02]
php(php_execute_script+0x1cc)[0x7fa80f8a92cc]
php(+0x6cfd1f)[0x7fa80f9d0d1f]
php(+0x468f33)[0x7fa80f769f33]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fa80dc11be5]
php(+0x468fd1)[0x7fa80f769fd1]
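
The bounded-buffer pattern behind the requested change, as an added example that is not code from PHP or Firebird: fb_interpret takes the size of the destination buffer where isc_interprete takes only the pointer, so the caller can limit every write to the space that is left. The sketch goes slightly beyond the report by joining a whole message chain into one fixed buffer; `next_message`, `join_errors`, the 64-byte buffer and the sample messages are assumptions constructed for illustration, with `next_message` standing in for the client-library call.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in shaped like fb_interpret(): stores the next message in
 * buf (at most buf_len bytes, NUL included), advances the chain, returns length. */
static size_t next_message(char *buf, size_t buf_len, const char ***chain)
{
    if (buf_len == 0 || **chain == NULL) return 0;
    size_t n = strlen(**chain);
    if (n > buf_len - 1) n = buf_len - 1;      /* keep only what fits */
    memcpy(buf, **chain, n);
    buf[n] = '\0';
    (*chain)++;
    return n;
}

/* Join all messages into out[out_len], space separated. Every call gets only
 * the space still free, so an over-long exception text is cut rather than
 * written past the buffer. Returns the length; *cut reports any truncation. */
size_t join_errors(char *out, size_t out_len, const char **chain, int *cut)
{
    size_t used = 0;
    *cut = 0;
    if (out_len == 0) return 0;
    out[0] = '\0';
    while (*chain != NULL) {
        size_t room = out_len - used;          /* free bytes, NUL included */
        if (room <= 1) { *cut = 1; break; }
        size_t want = strlen(*chain);
        size_t got = next_message(out + used, room, &chain);
        if (got < want) *cut = 1;
        used += got;
        if (*chain != NULL && used + 1 < out_len) {
            out[used++] = ' ';
            out[used] = '\0';
        }
    }
    return used;
}

int main(void)
{
    char longmsg[401] = {0}, errbuf[64];       /* constructed sample input */
    int cut;
    memset(longmsg, 'X', 400);
    const char *chain[] = { "exception 2", "D_ACCESS_DENIED", longmsg, NULL };
    size_t n = join_errors(errbuf, sizeof errbuf, chain, &cut);
    printf("%zu bytes, truncated=%d: %s\n", n, cut, errbuf);
    return 0;
}
```

Reporting the truncation flag alongside the message lets the caller log that the server text was cut instead of silently losing it.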


Patches

fb_interpret (last revision 2013-11-10 05:40 UTC by slavb18 at gmail dot com)

Pull Requests

History

 [2014-01-01 12:27 UTC] felipe@php.net
-Package: PDO related +Package: PDO Firebird
 [2014-04-08 11:07 UTC] mariuz@php.net
-Assigned To: +Assigned To: mariuz
 [2014-04-08 11:15 UTC] mariuz@php.net
-Status: Assigned +Status: Closed
 [2014-04-08 11:15 UTC] mariuz@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Thank you, patch applied to master, please retest it.
 