Bug #81252 PDO_ODBC doesn't account for SQL_NO_TOTAL
Submitted: 2021-07-12 16:40 UTC
Modified: 2021-07-21 13:25 UTC
From: calvin at cmpct dot info
Assigned: cmb (profile)
Status: Closed
Package: PDO ODBC
PHP Version: 7.4.21
OS: Fedora 34
Private report: No
CVE-ID: None

 [2021-07-12 16:40 UTC] calvin at cmpct dot info
Description:
------------
Similar to #80460 for procedural ODBC (which was fixed, though perhaps with not an ideal solution). This will manifest as PDO_ODBC getting -4 as the length back from the driver, and blindly trying to memcpy that length, crashing.

Test script:
---------------
https://gist.github.com/NattyNarwhal/e1209fc967b0f4dcdfba7d2405557077

Includes reproduction for Db2i.

Expected result:
----------------
object(stdClass)#3 (4) {
  ["ID"]=>
  &string(1) "1"
  ["Data1"]=>
  &string(20) "5char               "
  ["Data2"]=>
  &string(25) "xxxxxxxxxxxxxxxxxxx      "
  ["Data3"]=>
  &string(2) "19"
}

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff77cbac6 in __memcpy_avx_unaligned_erms () from /lib64/libc.so.6
(gdb) where
#0  0x00007ffff77cbac6 in __memcpy_avx_unaligned_erms () from /lib64/libc.so.6
#1  0x00007fffe419a274 in memcpy (__len=18446744073709551612, __src=0x7ffff72010c0, __dest=<optimized out>) at /usr/include/bits/string_fortified.h:29
#2  odbc_stmt_param_hook (stmt=<optimized out>, param=<optimized out>, event_type=<optimized out>) at /usr/src/debug/php-7.4.21-1.fc34.x86_64/ext/pdo_odbc/odbc_stmt.c:522
#3  0x00007fffe44b51ee in dispatch_param_event (event_type=PDO_PARAM_EVT_EXEC_POST, stmt=0x7ffff7287000) at /usr/src/debug/php-7.4.21-1.fc34.x86_64/ext/pdo/pdo_stmt.c:179
#4  dispatch_param_event (stmt=0x7ffff7287000, event_type=PDO_PARAM_EVT_EXEC_POST) at /usr/src/debug/php-7.4.21-1.fc34.x86_64/ext/pdo/pdo_stmt.c:160
#5  0x00007fffe44b5e6d in zim_PDOStatement_execute (execute_data=<optimized out>, return_value=0x7fffffff9d10) at /usr/src/debug/php-7.4.21-1.fc34.x86_64/ext/pdo/pdo_stmt.c:520
#6  0x0000555555855e0b in ZEND_DO_FCALL_SPEC_RETVAL_UNUSED_HANDLER () at /usr/src/debug/php-7.4.21-1.fc34.x86_64/Zend/zend_vm_execute.h:1618
#7  execute_ex (ex=0x7ffff72010f0) at /usr/src/debug/php-7.4.21-1.fc34.x86_64/Zend/zend_vm_execute.h:53897
#8  0x00005555558583af in zend_execute (op_array=0x7ffff72812a0, return_value=0x0) at /usr/src/debug/php-7.4.21-1.fc34.x86_64/Zend/zend_vm_execute.h:57993
#9  0x00005555557cf42c in zend_execute_scripts (type=type@entry=8, retval=0x7fffdc8695a0, retval@entry=0x0, file_count=-148819936, file_count@entry=3) at /usr/src/debug/php-7.4.21-1.fc34.x86_64/Zend/zend.c:1679
#10 0x000055555576cf88 in php_execute_script (primary_file=<optimized out>) at /usr/src/debug/php-7.4.21-1.fc34.x86_64/main/main.c:2650
#11 0x000055555585a537 in do_cli (argc=2, argv=0x555555e21020) at /usr/src/debug/php-7.4.21-1.fc34.x86_64/sapi/cli/php_cli.c:964
#12 0x000055555563c44b in main (argc=2, argv=0x555555e21020) at /usr/src/debug/php-7.4.21-1.fc34.x86_64/sapi/cli/php_cli.c:1359
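
The failure mode in the report above (a length indicator of -4 reaching memcpy, which the backtrace shows as `__len=18446744073709551612`), as an added example that is not PHP's code and not the fix from the pull request. `sqllen_t`, `unchecked_len` and `copy_out_param` are hypothetical names, and measuring the data up to a NUL inside the buffer when the driver reports SQL_NO_TOTAL is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Indicator values as defined in the ODBC headers (sql.h / sqlext.h). */
#define SQL_NULL_DATA (-1)
#define SQL_NO_TOTAL  (-4)
typedef long sqllen_t;            /* stand-in for SQLLEN, a signed type */

enum copy_status { COPY_OK, COPY_NULL, COPY_TRUNCATED, COPY_BAD_INDICATOR };

/* What memcpy(dst, src, ind) receives when the signed indicator is passed
 * unchecked: for -4 the conversion to size_t yields SIZE_MAX - 3. */
size_t unchecked_len(sqllen_t ind) { return (size_t)ind; }

/* Hypothetical helper: copy an output-parameter buffer filled by the driver.
 * src_cap is the size of the buffer bound to the parameter, dst_cap the size
 * of dst; *out_len receives the number of bytes actually copied. */
enum copy_status copy_out_param(char *dst, size_t dst_cap, const char *src,
                                size_t src_cap, sqllen_t ind, size_t *out_len)
{
    enum copy_status st = COPY_OK;
    size_t n;
    *out_len = 0;
    if (ind == SQL_NULL_DATA)
        return COPY_NULL;
    if (ind == SQL_NO_TOTAL) {
        /* Length unknown (assumption: NUL-terminated character data).
         * Measure it, but never look past the bound buffer. */
        const char *nul = memchr(src, 0, src_cap);
        n = nul ? (size_t)(nul - src) : src_cap;
    } else if (ind < 0) {
        return COPY_BAD_INDICATOR;    /* no other negative value is a length */
    } else {
        n = (size_t)ind;
    }
    if (n > src_cap) { n = src_cap; st = COPY_TRUNCATED; }
    if (n > dst_cap) { n = dst_cap; st = COPY_TRUNCATED; }
    memcpy(dst, src, n);
    *out_len = n;
    return st;
}

int main(void)
{
    char src[32] = "5char", dst[8];   /* constructed sample buffer */
    size_t n = 0;
    int st = copy_out_param(dst, sizeof dst, src, sizeof src, SQL_NO_TOTAL, &n);
    printf("unchecked=%zu status=%d copied=%zu\n", unchecked_len(SQL_NO_TOTAL), st, n);
    return 0;
}
```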

History

 [2021-07-13 08:51 UTC] cmb@php.net
-Assigned To: +Assigned To: cmb
 [2021-07-13 08:51 UTC] cmb@php.net
Hmm, seems there is also a memory leak (at least in case of
failure).
 [2021-07-21 13:25 UTC] cmb@php.net
I'm not able to reproduce this, so I can only come up with a
simplistic fix, which is even slightly worse than the fix for bug
#80460 (i.e. you don't even get some error message or other
indication about the failure).  Thus, a pull request from someone
who can reproduce this would be welcome.  It might be a good idea
not to target a stable PHP version for this, due to general lack
of (PDO_)ODBC maintainers.

Generally, the support for out parameters appears to be
suboptimal.

> Hmm, seems there is also a memory leak (at least in case of
> failure).

I'll open a separate ticket for this.
 [2021-07-21 13:26 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #81252: PDO_ODBC doesn't account for SQL_NO_TOTAL
On GitHub:  https://github.com/php/php-src/pull/7295
Patch:      https://github.com/php/php-src/pull/7295.patch
 [2021-07-28 09:03 UTC] git@php.net
Automatic comment on behalf of cmb69
Revision: https://github.com/php/php-src/commit/98049e8b9ab040f5796a8d93b53173b53977fdad
Log: Fix #81252: PDO_ODBC doesn't account for SQL_NO_TOTAL
 [2021-07-28 09:03 UTC] git@php.net
-Status: Assigned +Status: Closed
Last updated: Tue Dec 03 17:01:29 2024 UTC