Bug #45575 [PATCH] Segfault with invalid non-string as event handler callback
Submitted: 2008-07-21 07:51 UTC
Modified: 2008-10-07 18:25 UTC
From: chris_se at gmx dot net
Assigned: felipe
Status: Closed
Package: InterBase related
PHP Version: 5.2.6
OS: *
Private report: No
CVE-ID: None

 [2008-07-21 07:51 UTC] chris_se at gmx dot net
Same problem as with bug #45555 - just for a different extension: The interbase extension accepts arbitrary zvals as callbacks (which is fine) but always uses Z_STRVAL(zval) to display an error message if the callback is invalid. This will cause a segfault if e.g. int(1) is passed as a callback.

The following patch against PHP_5_3 (it also applies against PHP 5.2) solves the problem (there are two places where error messages are generated):

And the same patch ported to HEAD:

Please note that I only found this bug because I did a source review of all core extensions that call callbacks in order to ensure they are compatible with closures. I have no knowledge or experience whatsoever with Interbase or Firebird so I can't actually test this. But by reading the source it is clear that this will crash PHP (see bug #45555 where the same problem occurred but where I could test the issue).

Reproduce code:
Probably something like:
ibase_set_event_handler($connection, 1, "whatever");

Expected result:
Callback argument 1 is not a callable function

Actual result:
Segmentation fault.
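
The defect described in this report, reduced to a stand-alone C model. This is an added example, not the patch from the report and not PHP source: `struct value`, `make_long`, `name_unchecked`, `name_checked` and `callback_error` are hypothetical names, and the tagged union only approximates a PHP 5 zval.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a PHP 5 zval (assumed layout, not the engine's). */
enum vtype { T_LONG, T_STRING };
struct value {
    enum vtype type;
    union { long lval; struct { const char *val; int len; } str; } u;
};

struct value make_long(long n) {
    struct value v;
    memset(&v, 0, sizeof v);
    v.type = T_LONG; v.u.lval = n;
    return v;
}

/* Defective pattern: take the string member without checking the tag.
 * For int(1) the result is the integer's bits read as a pointer; handing
 * that to a "%s" formatter is the crash. Here it is only returned. */
const char *name_unchecked(const struct value *v) { return v->u.str.val; }

/* Hardened: render the value according to its tag. */
int name_checked(const struct value *v, char *out, size_t n) {
    switch (v->type) {
    case T_STRING: return snprintf(out, n, "%.*s", v->u.str.len, v->u.str.val);
    case T_LONG:   return snprintf(out, n, "%ld", v->u.lval);
    }
    return snprintf(out, n, "(unknown type)");
}

/* Error text for a callback that already failed the callability check. */
int callback_error(const struct value *cb, char *out, size_t n) {
    char name[64];
    name_checked(cb, name, sizeof name);
    return snprintf(out, n, "Callback argument %s is not a callable function", name);
}

int main(void) {
    char msg[128];
    struct value cb = make_long(1); /* constructed input: int(1) as the callback */
    printf("unchecked string pointer: %p\n", (const void *)name_unchecked(&cb));
    callback_error(&cb, msg, sizeof msg);
    puts(msg);
    return 0;
}
```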


 [2008-10-07 18:25 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2, 5.3 and HEAD.

Thanks for the patch. :)