Bug #34884 Changing ini value sqlite.assoc_case to 1 or 2 produces a segmentation fault.
Submitted: 2005-10-16 16:11 UTC Modified: 2005-10-17 17:29 UTC
Votes:3
Avg. Score:4.0 ± 1.4
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:2 (66.7%)
From: oancea at gmail dot com Assigned: iliaa
Status: Closed Package: SQLite related
PHP Version: 5.1.0RC1 OS: Mandriva Linux 2006
Private report: No CVE-ID:
 [2005-10-16 16:11 UTC] oancea at gmail dot com
Description:
------------
Changing the value of the ini setting sqlite.assoc_case to 1 or 2 causes a PHP crash.

Tested with php 5.0.4, php 5.0.5 and php 5.1.0RC1 on Mandriva Linux 2006.

Reproduce code:
---------------
<?php
if (is_file('test.db')) unlink ('test.db');

ini_set('sqlite.assoc_case', 1); // with 2 is the same thing

$query=<<<sql
    CREATE TABLE authors (
        id INTEGER PRIMARY KEY,
        name VARCHAR(100),
        email VARCHAR(150)
    );
sql;

$db= sqlite_open('test.db');

sqlite_query($db, $query);

$_query="PRAGMA table_info(authors)";

$rs= sqlite_query($db, $_query);

// If the last line is replaced by
// sqlite_query($db, $_query);
// it will work without a seg. fault,
// but there is no use in doing that, since we have to process the result set.


Expected result:
----------------
Not a Segmentation fault anyway.

Actual result:
--------------
(gdb) run sqlite.php
Starting program: /wwwroot/bin/php sqlite.php
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xffffe000
[Thread debugging using libthread_db enabled]
[New Thread -1216205984 (LWP 31099)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1216205984 (LWP 31099)]
0x0821434f in php_sqlite_fetch (rres=0x87c5460, tsrm_ls=0x8636018) at /home/aurelian/src/php-5.1.0RC1/ext/sqlite/sqlite.c:90
90                      *s = tolower(*s);
(gdb) bt
#0  0x0821434f in php_sqlite_fetch (rres=0x87c5460, tsrm_ls=0x8636018) at /home/aurelian/src/php-5.1.0RC1/ext/sqlite/sqlite.c:90
#1  0x08214522 in sqlite_query (object=0x0, db=0x87c4eb8, sql=0x87c5f98 "PRAGMA table_info(authors)", sql_len=26, mode=99, buffered=1,
    return_value=0x87c5fe8, prres=0xbffcdd18, tsrm_ls=0x8636018) at /home/aurelian/src/php-5.1.0RC1/ext/sqlite/sqlite.c:1558
#2  0x082148d4 in zif_sqlite_query (ht=2, return_value=0x87c5fe8, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, tsrm_ls=0x8636018)
    at /home/aurelian/src/php-5.1.0RC1/ext/sqlite/sqlite.c:1740
#3  0x08346c7d in zend_do_fcall_common_helper_SPEC (execute_data=0xbffcdf4c, tsrm_ls=0x8636018)
    at /home/aurelian/src/php-5.1.0RC1/Zend/zend_vm_execute.h:184
#4  0x083461d9 in execute (op_array=0x87c20d8, tsrm_ls=0x8636018) at /home/aurelian/src/php-5.1.0RC1/Zend/zend_vm_execute.h:87
#5  0x08321777 in zend_execute_scripts (type=8, tsrm_ls=0x8636018, retval=Variable "retval" is not available.
) at /home/aurelian/src/php-5.1.0RC1/Zend/zend.c:1078
#6  0x082e04fa in php_execute_script (primary_file=0xbffd034c, tsrm_ls=0x8636018) at /home/aurelian/src/php-5.1.0RC1/main/main.c:1672
#7  0x083c9e9b in main (argc=2, argv=0xbffd0424) at /home/aurelian/src/php-5.1.0RC1/sapi/cli/php_cli.c:1039


 [2005-10-17 17:29 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 