Bug #27990 sqlite_open() crashing Apache on non sqlite databases
Submitted: 2004-04-14 07:45 UTC
Modified: 2004-07-18 01:00 UTC
From: csaba at alum dot mit dot edu
Assigned:
Status: No Feedback
Package: SQLite related
PHP Version: 5CVS-2004-05-03 (dev)
OS: Win 2K
Private report: No
CVE-ID: None

 [2004-04-14 07:45 UTC] csaba at alum dot mit dot edu
Description:
------------
I want to get a list of all SQLite databases under my root directory so I figured I'd get a list of all the files, open each one using sqlite_open, and assume those that didn't result in warnings/errors were keepers.

sqlite_open is extremely unhappy about this and apache 2.0.48 dies.

Reproduce code:
---------------
$root = "c:\\Your\\Path\\Here";

$aFiles = dirList($root, 2, 1);
for ($i=sizeof($aFiles);$i--;) {
    if (!($db=sqlite_open($aFiles[$i],0666,$sqliteerror))) unset ($aFiles[$i]);
    else {
        if (!sqlite_array_query($db,"SELECT * FROM sqlite_master;", SQLITE_ASSOC))
            unset ($aFiles[$i]);
        sqlite_close($db);
    }
}
var_dump ($aFiles);

function dirList($path=NULL, $types=2, $levels=1) {
//  returns an array of the specified files/directories
//  Note that directories are prefixed with a '*'
//      This can be eliminated from the line above the return
//  $path defaults to the current working directory
//  $types:  2 => files; 1 => directories; 3 => both;
//  $levels: 1 => look in the $path only; 2 => $path and all children;
//           3 => $path, children, grandchildren; 0 => $path and all descendants;
//           less than 0 => complement of -$levels: everything starting -$levels down
//                e.g. -1 => everything except $path; -2 => all descendants except $path + children

    $pathSep = strstr(PHP_OS, "WIN") ? "\\" : "/";
    if (!@$path) $path = getcwd();
    $aRes = array();        // result
    $aAcc=array();          // accumulate
    $aDir = array(realpath($path));
    for ($i=$levels>0?$levels++:-1;$i--&&$aDir;$aDir=$aAcc,$aAcc=array())
        while ($dir = array_shift($aDir))
            foreach (scandir ($dir) as $fileOrDir)
                if ($fileOrDir!="." && $fileOrDir!="..") {
                    if ($isDir = is_dir ($rp="$dir$pathSep$fileOrDir")) $aAcc[] = $rp;
                    if ($i<$levels-1 && ($types & (2-$isDir))) $aRes[] = ($isDir?"*":"") . $rp; }
    return $aRes;
}


Expected result:
----------------
I expect to get a list of sqlite database files.  I expect to be able to use @sqlite_open and have it fail gracefully (silently) without taking PHP and Apache with it.


Actual result:
--------------
The above variant on my system with three files in the directory (dbFile.db, index.php, index.php~) produced two warnings:

Warning: sqlite_open() [function.sqlite-open]: database disk image is malformed in .../test.php on sqlite_open line
and showed the dbFile.db as OK

Every other variant crashes apache, such as doing a print of $aFiles[$i] within the else, or inserting ' || $sqliteerror' as the second half of the first if, or putting an '@' in front of sqlite_open.

Thanks,
Csaba Gabor

 [2004-04-14 10:08 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

I think this was fixed just recently.

 [2004-04-21 00:15 UTC] iliaa@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 [2004-04-22 23:10 UTC] csaba at alum dot mit dot edu
I have tested this with the latest release (April 22 RC 2 beta), and it still crashes Apache.  However, I can be a bit more specific about the symptoms.  I tested on a directory with a small sqlite database log.db (48K) and a log.php file (6K).  Both files were required to produce the crashing effect.

If I ran the code below (with or without an @ in front of the sqlite_open) the first time I would get a warning about: database disk image is malformed ...
(if the @ was not present, as with the code below).
The NEXT Time I invoked the same code is when the Apache would give me the error message about restarting (and sometimes die).  This happens regardless of whether I remove log.php from the directory tree before running the test the second time.

Csaba Gabor
 [2004-04-22 23:30 UTC] wez@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

What you're trying to do will probably end in tears;
libsqlite has a tendency to clobber files that are not valid sqlite databases (this is not a PHP problem).

It is possible that PHP is overly sensitive to such a problem, so could you please try to reproduce this using
the CLI version of PHP?

Use a snapshot from the link above.
 [2004-04-29 15:16 UTC] iliaa@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 [2004-05-03 23:46 UTC] csaba at alum dot mit dot edu
The good news is that the behaviour is markedly better.  This time instead of failing disastrously every other time, it only fails petulantly every third time.

I tested this both as you asked with the CLI version and also running PHP as a module.  With the CLI version, testing on my small three file directory, I got behaviour as expected: I got warnings on files SQLITE didn't like and when I suppressed them with the @ in front of sqlite_open, the result was that I got a report of the single sqlite database file in the directory.  Very nice.

Thus encouraged, I went back to the original scenario and ran the same file through a browser.  Two out of three times, I get the same behaviour as above.  The third time around, however, I get the following variable error message:

Fatal error: Unknown function: 8?() in C:\Morph\phpDev\php.php on line 28

There are two things I'd like to mention.  The first is that the "text" between the ': ' and ' in' seems to always be garbage characters, and always different.

For the second, I have to clear my throat a bit and mutter something about Heisenberg's uncertainty principle.  The only thing on that line 28 the error message is referring to is the function sqlite_escape_string.  (Ahem.  Whenever I test, I submit the PHP code through a preprocessor that logs the submission.  This has been very stable.  The submission is stuffed into a temporary file and after the logging is done, the browser gets back a header("Location: ...") to the temporary file.  (The directory that I was doing this sqlite testing on is in a separate tree)).

Therefore, I also created a separate file with just the code I submitted (surrounded in appropriate tags).  The results there were not so encouraging.  Apache is still crashing, and PHP complains about trivial things like it can't find this or that variable, always in the dirList function on different lines.  Let me know if you need more info.

The good news is that I deal with this by opening up all the files I find and scanning their header to see if they're SQLite files, and this is working fine for me.  Why can't SQLite do that?  So, although this problem isn't affecting me cause of my workaround, I figured you'd like to know the current status of it on my machine.

Csaba Gabor
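
The header-scanning workaround described in the comment above, as an added example (not code from the report or from PHP): each file is opened read-only and its leading bytes are compared with the SQLite header strings, so only matching files would ever be handed to sqlite_open(). The helper name `sqliteFormatVersion` is hypothetical, the two magic strings are the SQLite 3 header and the start of the SQLite 2.x header, and the sample files are constructed to mirror the report's three-file directory.

```php
<?php
// Added example: classify a file by its leading bytes, opened read-only,
// so files that are not SQLite databases never reach sqlite_open().
const SQLITE3_MAGIC = "SQLite format 3\0";                 // 16-byte SQLite 3 header
const SQLITE2_MAGIC = "** This file contains an SQLite 2"; // start of SQLite 2.x header

// Hypothetical helper: returns 3 or 2 for a recognised header, null otherwise.
function sqliteFormatVersion(string $path): ?int
{
    if (is_link($path) || !is_file($path)) {
        return null;                    // skip symlinks, directories, devices
    }
    $fh = @fopen($path, 'rb');          // read-only handle: the file is never written
    if ($fh === false) {
        return null;                    // unreadable: treat as "not a database"
    }
    $head = fread($fh, strlen(SQLITE2_MAGIC));
    fclose($fh);
    if (!is_string($head)) {
        return null;
    }
    if (strncmp($head, SQLITE3_MAGIC, strlen(SQLITE3_MAGIC)) === 0) {
        return 3;
    }
    if (strncmp($head, SQLITE2_MAGIC, strlen(SQLITE2_MAGIC)) === 0) {
        return 2;
    }
    return null;                        // empty, too short, or another format
}

// Constructed sample files (names taken from the report, contents made up).
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'sqlite_scan_' . uniqid();
mkdir($dir);
$samples = [
    'dbFile.db'  => SQLITE2_MAGIC . ".1 database **\0" . str_repeat("\0", 64),
    'new.db'     => SQLITE3_MAGIC . str_repeat("\0", 84),
    'index.php'  => "<?php echo 'hello';\n",
    'index.php~' => '',
];
foreach ($samples as $name => $bytes) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $name, $bytes);
}
foreach ($samples as $name => $_) {
    $file = $dir . DIRECTORY_SEPARATOR . $name;
    $v = sqliteFormatVersion($file);
    printf("%-11s %s\n", $name, $v === null ? 'not SQLite' : "SQLite $v header");
    unlink($file);
}
rmdir($dir);
```

A matching header only selects candidates: a file can start with the magic bytes and still be truncated or corrupt, so the later open and query calls still need their error checks.
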
 [2004-07-10 15:09 UTC] wez@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2004-07-18 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".