Bug #15896 Variable lookup table overflow
Submitted: 2002-03-06 08:31 UTC Modified: 2002-04-28 00:00 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: bf at ez dot no Assigned: yohgaki
Status: No Feedback Package: PostgreSQL related
PHP Version: 4.1.2 OS: Redhat Linux
Private report: No CVE-ID: None
 [2002-03-06 08:31 UTC] bf at ez dot no
Hi,

I've got a reproducible problem with PHP when using 
PostgreSQL. The problem does not appear when running 
MySQL. I suspect a buffer overflow of some kind. 

A good example of the problem follows, code taken from my 
db library class and the query function:

        $myVariable = "My Value";
        $limit = -1;
        $offset = 0;
        
        print( "MyVar: $myVariable <br>" );

Will normally output:
MyVar: My Value<br>

However, after 55-60 database calls with the function it 
will print:
MyVar: 0<br>

The 0 is the value assigned to the $offset variable. If I 
remove the $offset = 0; line the output will be:
MyVar: -1<br>

As you can see all variables will be assigned to the same 
value ( after n runs ).

It always happens at the same place in the code even 
after apache restarts etc. I have two different scripts 
using the db library reproducing the same problem. And 
this does not happen when using the mysql implementation 
of the db library.

It may be something in the area of: a buffer for storing 
the variable assignments overflows due to a buffer 
overflow in the postgresql library. But this is only a 
guess since I don't know the internals of PHP/PostgreSQL.

PHP configure line:

 './configure' '--with-dom' '--with-xml' 
'--with-apxs=/usr/sbin/apxs' '--enable-ftp' 
'--enable-trans-sid' '--with-config-file-path=/etc/httpd' 
'--with-mysql=shared,/usr' '--with-pgsql=shared,/usr' 
'--enable-inline-optimization' '--with-ttf' '--with-gd' 
'--enable-gd-native-ttf' '--with-imap' '--includedir=/usr' 
'--with-openssl=/usr' '--with-zlib-dir=/usr' 
'--with-ldap=shared,/usr' '--with-openssl=shared,/usr' 
'--enable-dbg=shared' '--with-dbg-profiler' 
'--with-kerberos'

System:
Linux dozer.ez.no 2.4.9-31 #1 Tue Feb 26 07:11:02 EST 2002 
i686 unknown

Server API:
Apache

I'm _not_ running APC or Zend accelerator.
There are no error messages in the log and no segfaults.

Regards
Bård Farstad

 [2002-03-25 06:25 UTC] denis at startsiden dot no
Hi,

This issue is very reproducible here also, on two very different setups sharing only Apache and Postgresql versions.
(Apache 1.3.20, 22 and 23 and Postgresql 7.1.3)

The setups involved that reproduce the reported bug are one production system setup (running Postgresql and Apache separately, Apache 1.3.20 / 1.3.22 and PHP 4.0.6patched) 
and additionally one internal test environment (running Postgresql and Apache on the same server, Apache 1.3.23 and PHP 4.1.2).

The OS is Linux, but distributions are Debian Potato with 2.2 kernel (production) and Slackware 8.0 with 2.4 kernel (test env.). 

Production system has very high load, test environment has little to no load. Both reproduce the same issue as described in the bug report.

Additional info, my PHP is a lot less complex, I configured with:
./configure --enable-trans-sid --with-config-file-path=/etc/httpd --with-apxs=/usr/local/apache/current/bin/apxs --with-pgsql --without-mysql

This is a very serious issue to me, my production servers are behaving less than well, very possibly because of this issue (frequent memory leaks / apache instability). 

Any feedback highly appreciated!

Regards
Denis Braekhus
 [2002-03-26 21:10 UTC] yohgaki@php.net
I don't see this kind of behavior.
If memory is broken, the cause may be anywhere.

Could you build with min. config options?
./configure --with-apxs --without-mysql --with-pgsql --enable-debug

Could you paste the shortest possible reproducible script with
the configuration that I mentioned?

Make sure you check apache error log also.



 [2002-04-28 00:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
Last updated: Thu Dec 26 20:01:29 2024 UTC