|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45575 [PATCH] Segfault with invalid non-string as event handler callback
Submitted: 2008-07-21 07:51 UTC Modified: 2008-10-07 18:25 UTC
From: chris_se at gmx dot net Assigned: felipe
Status: Closed Package: InterBase related
PHP Version: 5.2.6 OS: *
Private report: No CVE-ID:
 [2008-07-21 07:51 UTC] chris_se at gmx dot net
Same problem as with bug #45555 - just for a different extension: The interbase extension accepts arbitrary zvals as callbacks (which is fine) but always uses Z_STRVAL(zval) to display an error message if the callback is invalid. This will cause a segfault if e.g. int(1) is passed as a callback.

The following patch against PHP_5_3 (it also applies against PHP 5.2) solves the problem (there are two places where error messages are generated):

And the same patch ported to HEAD:

Please note that I only found this bug because I did a source review of all core extensions that call callbacks in order to ensure they are compatible with closures. I have no knowledge or experience whatsoever with Interbase or Firebird so I can't actually test this. But by reading the source it is clear that this will crash PHP (see bug #45555 where the same problem occurred but where I could test the issue).

Reproduce code:
Probably something like:
ibase_set_event_handler($connection, 1, "whatever");

Expected result:
Callback argument 1 is not a callable function

Actual result:
Segmentation fault.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2008-10-07 18:25 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2, 5.3 and HEAD.

Thanks for the patch. :)
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Fri Nov 27 22:01:31 2015 UTC