PHP :: Bug #68298 :: OCI int overflow

Bug #68298

OCI int overflow

Submitted:

2014-10-24 10:43 UTC

Modified:

2015-11-06 15:39 UTC

Votes:	4
Avg. Score:	4.8 ± 0.4
Reproduced:	3 of 4 (75.0%)
Same Version:	1 (33.3%)
Same OS:	0 (0.0%)

From:

perrier dot p at gmail dot com

Assigned:

sixd (profile)

Status:

Closed

Package:

OCI8 related

PHP Version:

5.6.2

OS:

Debian 7

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	perrier dot p at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2014-10-24 10:43 UTC] perrier dot p at gmail dot com

Description:
------------
If you have a NUMBER colonne which can store 64Bit int when you bind it, it will be converted to INT32 ( ub4 )


in file oci8_statement.c function php_oci_bind_by_name


 case SQLT_INT:
 case SQLT_NUM:
		 if (Z_TYPE_P(var) == IS_RESOURCE || Z_TYPE_P(var) == IS_OBJECT) {
				 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid variable used for bind");
				 return 1;
		 }
		 convert_to_long(var);
		 bind_data = (ub4 *)&Z_LVAL_P(var);
		 value_sz = sizeof(ub4);
		 mode = OCI_DEFAULT;
		 break;

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-01-28 19:07 UTC] m8r-f6bdu21 at mailinator dot com

I had the same issue:
---
$retValue = -1;
oci_bind_by_name($stmt, ':retValue', $retValue, -1, SQLT_INT);
… // $retValue is set to 0 by statement
oci_execute($stmt);
---
In 64 bit this gives
- PHP: $retValue = 0xFFFFFFFFFFFFFFFF;
- oci: Only lower 32 bit of $retValue is set to 0
- PHP: $retValue = 0xFFFFFFFF00000000;

Since 11.2, OCI supports 64 bit integers:
http://docs.oracle.com/cd/E11882_01/appdev.112/e10646/oci03typ.htm#LNOCI039

I changed the OCI code to:
  bind_data = (ub8 *)&Z_LVAL_P(var);
  value_sz = sizeof(ub8);
and it seems to work so I think the fix is fairly simple.
A check should be done to see if OCI version >= 11.2 and if we are building 64 bit, use ub8 instead of ub4.

[2015-09-04 22:42 UTC] sixd@php.net

-Assigned To: +Assigned To: sixd

[2015-10-26 18:28 UTC] zulrang at gmail dot com

Can confirm I've had the same issue, but it was a much bigger problem.

I'm running on Solaris/SPARC, and on SPARC architecture, it's passing only the UPPER 32-bits, resulting in conversion of numbers like 211 to 949187772415.

[2015-11-06 15:39 UTC] sixd@php.net

-Status: Assigned +Status: Closed

[2015-11-06 15:39 UTC] sixd@php.net

Fixed in PHP 5.6.16 and PECL OCI8 2.0.10
https://github.com/php/php-src/commit/3060dfd92e0126e92b1501dba807bfcd44bef53a

Also merged to PHP-7.0 
https://github.com/php/php-src/commit/049325ca9662e1d5e6fb2fdc7006b9a68385d9f9

[2016-01-22 09:09 UTC] alvaro at demogracia dot com

Related To: Bug #71422

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 03:01:28 2024 UTC