Bug #1103 segfault in dbmfetch() or dbmfirstkey()
Submitted: 1999-01-29 21:06 UTC Modified: 1999-10-03 23:03 UTC
From: morrilie at hotmail dot com Assigned: jah (profile)
Status: Closed Package: DBM/DBA related
PHP Version: 3.0.6 OS: linux 2.0.36
Private report: No CVE-ID: None

 [1999-01-29 21:06 UTC] morrilie at hotmail dot com
The problem: segfaults in dbmfetch() and dbmfirstkey().

dbmopen(), dbmclose(), dbminsert() work fine.

When running php from a shell script all is ok. Problem appears only when
running php from the command line or as apache module.
Sample script:
#!/bin/sh
php -f 003.php3t

That's all. Same command on the cli causes segfault.

php 3.0.6
apache 1.3.4
linux 2.0.36
gdbm 1.7.3

backtrace:

#0 php3_dbmfetch(ht=0x80f93a8, return_value=0x80c745c,
   list=0x80e8920, plist=0x80e88f4) at functions/db.c:617
#1 phpparse() at control_functions_inline.h:930
#2 php3_parse(yyparse=0x80f3998) at main.c:1474
#3 main(...) at main.c:1782
#4 ___crt_dummy___ ()

Return_value, which is a pointer, has some
small value, and writing the results of the operation at functions/db.c:617
causes segfaults. I encountered the values 0x5, 0x6 and 0x1d.

Just looked at *list (it is a hashtable) - it has ridiculous fields!
nTableSize = 1936287828, and the others do not differ much.
*plist seems to make sense
*ht - nonsense

 [1999-10-03 23:03 UTC] jah at cvs dot php dot net
This seems to be a bug in gcc (at least in version 2.7.2).  If you want to
test it, compile the following code with gcc 2.7.2 both with -fomit-frame-pointer
and without. With -fomit-frame-pointer, it will segfault. At least on my
Linux box.

#include <stdio.h>
#include <gdbm.h>
 
int main(int argc, char **argv) {
  GDBM_FILE db;
  datum key, val;
  char* keystr = "key";
  char* valstr = "value";
 
  key.dptr = keystr;
  key.dsize = 3;
  val.dptr = valstr;
  val.dsize = 5;
 
  if ((db = gdbm_open("destroyme", 512, GDBM_WRCREAT, 0666, NULL)) != NULL) {
    if (!gdbm_store(db, key, val, GDBM_REPLACE)) {
      val = gdbm_fetch(db, key);
      /* gdbm_fetch() returns dsize bytes with no terminating NUL, so bound the print. */
      printf("%d %.*s\n", val.dsize, val.dsize, val.dptr);
      gdbm_close(db);
      return 0;
    }
    printf("Couldn't store key!\n");
    gdbm_close(db);
    return 2;
  }
  printf("Couldn't open db!\n");
  return 1;
}
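
The with/without comparison described in the comment above can be scripted. This is an added example, not part of the original report or of PHP: the function names are hypothetical helpers, and it assumes the test program is saved as repro.c and that a C compiler and libgdbm are installed.

```shell
#!/bin/sh
# Added example: build one C source with and without a suspect compiler flag,
# run both binaries, and report whether only the flagged build dies on a signal.
# All function names are hypothetical helpers, not part of PHP or gdbm.
CC=${CC:-cc}

# Map a shell exit status to "ok", "exit:N" or "signal:N" (128+N convention).
classify_status() {
    if [ "$1" -eq 0 ]; then echo "ok"
    elif [ "$1" -gt 128 ]; then echo "signal:$(( $1 - 128 ))"
    else echo "exit:$1"
    fi
}

# build_and_run SRC OUT FLAG [LIBS...]: compile (FLAG may be empty), run, classify.
build_and_run() {
    src=$1; out=$2; flag=$3; shift 3
    "$CC" ${flag:+"$flag"} -o "$out" "$src" "$@" 2>/dev/null \
        || { echo "build-failed"; return 0; }
    status=0
    # Run inside the scratch directory so files such as "destroyme" land there.
    ( cd "$(dirname "$out")" && "./$(basename "$out")" >/dev/null 2>&1 ) || status=$?
    classify_status "$status"
}

# Interpret the pair of results: baseline build first, flagged build second.
verdict() {
    case "$1/$2" in
        ok/signal:*)       echo "flag-dependent crash" ;;
        signal:*/signal:*) echo "crashes regardless of flag" ;;
        ok/ok)             echo "not reproduced" ;;
        *)                 echo "inconclusive" ;;
    esac
}

# compare_flag SRC FLAG [LIBS...]
# e.g. compare_flag repro.c -fomit-frame-pointer -lgdbm   (repro.c is assumed)
compare_flag() {
    src=$1; flag=$2; shift 2
    tmp=$(mktemp -d) || return 1
    base=$(build_and_run "$src" "$tmp/base" "" "$@")
    flagged=$(build_and_run "$src" "$tmp/flagged" "$flag" "$@")
    rm -rf "$tmp"
    echo "base=$base flagged=$flagged: $(verdict "$base" "$flagged")"
}
```

A result of signal:11 is SIGSEGV; exit:1 or exit:2 from the test program means the database could not be opened or the key could not be stored, which the script reports as inconclusive.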