php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32932 Oracle LDAP: ldap_get_entries invalid pointer
Submitted: 2005-05-03 22:43 UTC Modified: 2005-05-10 18:06 UTC
From: frameloss at gmail dot com Assigned:
Status: Closed Package: LDAP related
PHP Version: 4.3.11, 5.0.4 OS: Fedora Core 3
Private report: No CVE-ID:
 [2005-05-03 22:43 UTC] frameloss at gmail dot com
Description:
------------
The following errors occur when using the ldap_get_entries call on PHP 5.0.4, Apache 2.0.53 , Fedora Core 3 2.6.9-1.724_FC3smp

*** glibc detected *** free(): invalid pointer: 0xb7cede40 ***
*** glibc detected *** double free or corruption (out): 0x08917930 ***
*** glibc detected *** free(): invalid pointer: 0xb7cede40 ***
[Tue May  3 14:13:27 2005] [notice] child pid 13543 exit signal Aborted (6)
[Tue May  3 14:13:27 2005] [notice] child pid 13544 exit signal Aborted (6)
[Tue May  3 14:13:27 2005] [notice] child pid 13545 exit signal Aborted (6)
*** glibc detected *** free(): invalid pointer: 0xb7cede40 ***

However, ldap_get_values and ldap_first_entry etc seem to work fine.

Configure line:

'./configure' '--with-ldap=/usr/local/oracle/product/10.1.0.3.0/' '--enable-versioning' '--enable-memo' '--enable-ctype' '--with-curl' '--enable-ftp' '--with-gd' '--enable-gd-native-ttf' '--with-freetype' '--with-t1lib' '--with-jpeg' '--with-jpeg-dir=/usr/local' '--with-png' '--with-xpm' '--with-gmp' '--with-mcrypt' '--with-mhash' '--with-mysql=/usr/local' '--with-openssl' '--with-oci8=/usr/local/oracle/product/10.1.0.3.0' '--enable-overload' '--with-pcre-regex' '--enable-posix' '--enable-session' '--enable-tokenizer' '--with-expat' '--enable-xml' '--with-zlib' '--with-apxs=/usr/local/apache/bin/apxs' '--with-xpm-dir=/usr/X11R6/' '--with-freetype-dir=/usr' '--with-t1lib-dir=/usr' '--with-sybase-ct=/usr/local/FreeTDS/'

Reproduce code:
---------------
Using example code provided from user manual.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-05-04 17:25 UTC] frameloss at gmail dot com
Backtrace, using CLI php . . .

(gdb) set args /usr/local/apache/htdocs/reporting/test/ldap.php
(gdb) run
Starting program: /root/SOURCE/Web/PHP/php-5.0.4/sapi/cli/php /usr/local/apache/htdocs/reporting/test/ldap.php
[Thread debugging using libthread_db enabled]
[New Thread -1208379712 (LWP 3230)]
ldap_connect function available<br><pre></pre><h3>LDAP query test</h3>... Connecting ... resource(4) of type (ldap link)
connect result is <pre> Resource id #4</pre><br />Binding ...Bind result is 1<br />Searching for username ...Search result is Resource id #5<br />Number of entires returned is 1<br />Getting entries ...<p>*** glibc detected *** free(): invalid pointer: 0xb7cf4e40 ***

Program received signal SIGABRT, Aborted.
[Switching to Thread -1208379712 (LWP 3230)]
0x001e07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
(gdb) bt
#0  0x001e07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x009b5955 in raise () from /lib/tls/libc.so.6
#2  0x009b7319 in abort () from /lib/tls/libc.so.6
#3  0x009e8f9a in __libc_message () from /lib/tls/libc.so.6
#4  0x009ef528 in _int_free () from /lib/tls/libc.so.6
#5  0x009efafa in free () from /lib/tls/libc.so.6
#6  0x080e25b8 in zif_ldap_get_entries (ht=2, return_value=0x8633e94, this_ptr=0x0, return_value_used=1)
    at /root/SOURCE/Web/PHP/php-5.0.4/ext/ldap/ldap.c:998
#7  0x0825b999 in zend_do_fcall_common_helper (execute_data=0xbfe04fe0, opline=0x86393ac, op_array=0x8631d54)
    at /root/SOURCE/Web/PHP/php-5.0.4/Zend/zend_execute.c:2727
#8  0x0825c188 in zend_do_fcall_handler (execute_data=0xbfe04fe0, opline=0x86393ac, op_array=0x8631d54)
    at /root/SOURCE/Web/PHP/php-5.0.4/Zend/zend_execute.c:2859
#9  0x08256b56 in execute (op_array=0x8631d54) at /root/SOURCE/Web/PHP/php-5.0.4/Zend/zend_execute.c:1406
#10 0x08232d8d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/SOURCE/Web/PHP/php-5.0.4/Zend/zend.c:1069
#11 0x081f4417 in php_execute_script (primary_file=0xbfe073f0) at /root/SOURCE/Web/PHP/php-5.0.4/main/main.c:1632
#12 0x08261a6b in main (argc=2, argv=0xbfe074b4) at /root/SOURCE/Web/PHP/php-5.0.4/sapi/cli/php_cli.c:946
(gdb)
 [2005-05-06 03:14 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

And if it still fails, provide new GDB backtrace.

 [2005-05-06 20:11 UTC] frameloss at gmail dot com
(gdb) set args /usr/local/apache/htdocs/reporting/test/ldap-orig.php
(gdb) run
Starting program: /root/SOURCE/Web/PHP/snap-5-6-2005/php5-200505061630/sapi/cli/php /usr/local/apache/htdocs/reporting/test/ldap-orig.php
[Thread debugging using libthread_db enabled]
[New Thread -1208383808 (LWP 2916)]
ldap_connect function available<br><pre></pre><h3>LDAP query test</h3>... Connecting ... resource(4) of type (ldap link)
connect result is <pre> Resource id #4</pre><br />Binding ...Bind result is 1<br />Searching for username ...Search result is Resource id #5<br />Number of entires returned is 1<br />Getting entries ...<p>*** glibc detected *** free(): invalid pointer: 0xb7cf3e40 ***

Program received signal SIGABRT, Aborted.
[Switching to Thread -1208383808 (LWP 2916)]
0x001e07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
(gdb) bt
#0  0x001e07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x00827955 in raise () from /lib/tls/libc.so.6
#2  0x00829319 in abort () from /lib/tls/libc.so.6
#3  0x0085af9a in __libc_message () from /lib/tls/libc.so.6
#4  0x00861528 in _int_free () from /lib/tls/libc.so.6
#5  0x00861afa in free () from /lib/tls/libc.so.6
#6  0x080ebbc8 in zif_ldap_get_entries (ht=2, return_value=0x951972c, this_ptr=0x0, 
    return_value_used=1)
    at /root/SOURCE/Web/PHP/snap-5-6-2005/php5-200505061630/ext/ldap/ldap.c:1085
#7  0x082bf226 in zend_do_fcall_common_helper_SPEC (execute_data=0xbff26660)
    at zend_vm_execute.h:175
#8  0x082c340a in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbff26660)
    at zend_vm_execute.h:1544
#9  0x082bef3f in execute (op_array=0x951794c) at zend_vm_execute.h:78
#10 0x0829a12b in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /root/SOURCE/Web/PHP/snap-5-6-2005/php5-200505061630/Zend/zend.c:1063
#11 0x08259c45 in php_execute_script (primary_file=0xbff28a80)
    at /root/SOURCE/Web/PHP/snap-5-6-2005/php5-200505061630/main/main.c:1653
#12 0x0830f9d2 in main (argc=2, argv=0xbff28b44)
    at /root/SOURCE/Web/PHP/snap-5-6-2005/php5-200505061630/sapi/cli/php_cli.c:954
(gdb)
 [2005-05-08 18:10 UTC] sniper@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2005-05-10 18:06 UTC] frameloss at gmail dot com
Thank you! The fix works!
 [2013-08-28 11:32 UTC] daverandom@php.net
Automatic comment from SVN on behalf of daverandom
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=331212
Log: Note removal of Logo GUIDs meaning expose_php no longer affects; note inclusion of credits

--
Provided by anonymous #32932 (ajf@ajf.me)
 [2013-09-11 17:44 UTC] daverandom@php.net
Automatic comment from SVN on behalf of daverandom
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=331342
Log: Abusing this ini parameter to send multiple headers is not something that should be included as an example in the manual. There are better ways to do it.

--
Provided by anonymous #32932 (ajf@ajf.me)
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 19:01:51 2014 UTC