PHP :: Bug #31039 :: ocifetchstatement Crashes php when clob length is > 0 &&

Bug #31039

ocifetchstatement Crashes php when clob length is > 0 && < 3

Submitted:

2004-12-09 17:44 UTC

Modified:

2004-12-24 01:00 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

ahmad dot ali at eedo dot com

Assigned:

Status:

No Feedback

Package:

OCI8 related

PHP Version:

4.3.8

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

[2004-12-09 17:44 UTC] ahmad dot ali at eedo dot com

Description:
------------
THIS IS A CRITICAL bug that is related to 14702 bug but was never followed. Whenever your do a select statement on a clob field (on a linux box) that has a length of less then 3 characters but more then 0 it will crash php. If you need more info please email me at ahmad.ali@eedo.com. We have clients running on oracle and are now stuck with no solutions.

Reproduce code:
---------------
  if(!$port) $port = '1521';
  $tns = "
(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=$host)(PORT=$port)))(CONNECT_DATA=(SID=$dbname)))";

  $conn = ocilogon('xxxxx','xxxxx',$tns);
  
  $SQL = "SELECT MYCLOBFIELD FROM CLOBTABLE";
  
  $Result = ociparse($conn,$SQL);
  while(ocifetchinto($result, &$resultarray,    
                     OCI_RETURN_NULLS + OCI_RETURN_LOBS))
  {
    // It crashes before it even gets here
  }

Expected result:
----------------
not too crash and return the result from ocifetchinto.

Actual result:
--------------
Page not found (PHP crashes)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-12-09 17:46 UTC] tony2001@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

.

[2004-12-14 17:28 UTC] ahmad dot ali at eedo dot com

(gdb) bt
#0  0x4056bc67 in ttci2u () from
/opt/oracle/Oracle8iR3/lib/libclntsh.so.8.0
#1  0x40335490 in kpulbcr () from
/opt/oracle/Oracle8iR3/lib/libclntsh.so.8.0
#2  0x40579002 in ttcdrv () from
/opt/oracle/Oracle8iR3/lib/libclntsh.so.8.0
#3  0x40448855 in nioqwa () from
/opt/oracle/Oracle8iR3/lib/libclntsh.so.8.0
#4  0x4035a9f2 in upirtrc () from
/opt/oracle/Oracle8iR3/lib/libclntsh.so.8.0
#5  0x4033742d in kpurcsc () from
/opt/oracle/Oracle8iR3/lib/libclntsh.so.8.0
#6  0x4032500c in kpulfrd () from
/opt/oracle/Oracle8iR3/lib/libclntsh.so.8.0
#7  0x40344d7a in OCILobRead () from
/opt/oracle/Oracle8iR3/lib/libclntsh.so.8.0
#8  0x80781c6 in oci_loadlob (connection=0x81d7d0c, mydescr=0x81d7c24,
buffer=0xbfffd9b8, loblen=0xbfffd9bc)
    at oci8.c:1860
#9  0x80771f4 in _oci_make_zval (value=0x81f206c, statement=0x81db77c,
column=0x81e641c, 
    func=0x811d5ef "OCIFetchStatement", mode=8) at oci8.c:1242
#10 0x807bbc6 in zif_ocifetchstatement (ht=2, return_value=0x81e65e4,
this_ptr=0x0, return_value_used=1) at oci8.c:3970
#11 0x8103a55 in execute (op_array=0x81d15e4) at
/home/ch/php-4.1.0/Zend/zend_execute.c:1590
#12 0x80e5cc2 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at zend.c:814
#13 0x8063921 in php_execute_script (primary_file=0xbffff9d0) at
main.c:1309
#14 0x8061bc4 in main (argc=2, argv=0xbffffa74) at cgi_main.c:738
#15 0x407faf31 in __libc_start_main (main=0x80613d4 <main>, argc=2,
ubp_av=0xbffffa74, init=0x805f8d0 <_init>, 
    fini=0x811843c <_fini>, rtld_fini=0x4000e274 <_dl_fini>,
stack_end=0xbffffa6c) at ../sysdeps/generic/libc-start.c:129

[2004-12-14 19:13 UTC] tony2001@php.net

Just tried both with 5.1-dev & 4.3.10(release) - works fine.
Are you really still using 4.3.8? 
Did you try any CVS snapshot?

[2004-12-14 20:50 UTC] ahmad dot ali at eedo dot com

Yes we are using 4.3.8 although one thing I did forget to mention is that were using UTF8 with the MBString library. I haven't tried any newer version since 4.3.8 but I did review all the changes since then and found nothing related to this bug. One thing I did find is that someone else reported a similar bug (#14702) with the exact same setup that we have and had the same problem. Padding the clob with a select statement (e.g. SELECT '~~~' || CLOB_FIELD) seems to fix the problem, but obviously this is not a solution. I will try to provide you a test site if it would help diagnosing the problem.

Cheers, 

Ahmad

[2004-12-16 23:38 UTC] tony2001@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2004-12-24 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Oct 25 10:00:01 2025 UTC