Bug #4681 Apache dies when an incorrect query is sent to ociparse
Submitted: 2000-05-30 00:04 UTC
Modified: 2006-07-17 08:42 UTC
From: edink at proventum dot net
Assigned:
Status: Closed
Package: OCI8 related
PHP Version: 4.0 Release Candidate 2
OS: Linux 2.2 (RedHat 6.1)
Private report: No
CVE-ID: None
 [2000-05-30 00:04 UTC] edink at proventum dot net
It might be an Oracle bug, but here's the code that crashes my Apache 1.3.12 and PHP 4.0.0:

<?php
$link=ocilogon("what", "ever", "");
$q="select count(*)as C from CATEGORY where catpath like '|Produktkatalog|edin's category|%' and source=140";
$stmt=ociparse($link, $q);
?>

Note that there is only a single (not escaped) quote after edin. It took me some time to find what was wrong here and to cut the example to these 3 lines. Here's the backtrace:

Starting program: /data/gen/apache/bin/httpd -X -f /data/gen/apache/conf/httpd-genx.conf

Program received signal SIGSEGV, Segmentation fault.
0x2ae760c2 in screen_size () from /ora01/app/oracle/product/8.0.5/lib/libclntsh.so.1.0
(gdb) bt
#0  0x2ae760c2 in screen_size () from /ora01/app/oracle/product/8.0.5/lib/libclntsh.so.1.0
#1  0x2ae3cb46 in screen_size () from /ora01/app/oracle/product/8.0.5/lib/libclntsh.so.1.0
#2  0x2ae26ad7 in screen_size () from /ora01/app/oracle/product/8.0.5/lib/libclntsh.so.1.0
#3  0x2ae53c70 in screen_size () from /ora01/app/oracle/product/8.0.5/lib/libclntsh.so.1.0
#4  0x2ae54544 in screen_size () from /ora01/app/oracle/product/8.0.5/lib/libclntsh.so.1.0
#5  0x2ae54580 in screen_size () from /ora01/app/oracle/product/8.0.5/lib/libclntsh.so.1.0
#6  0x8054353 in ap_invoke_handler ()
#7  0x8067889 in ap_some_auth_required ()
#8  0x80678ec in ap_process_request ()
#9  0x805f18e in ap_child_terminate ()
#10 0x805f31c in ap_child_terminate ()
#11 0x805f479 in ap_child_terminate ()
#12 0x805faa6 in ap_child_terminate ()
#13 0x8060233 in main ()
#14 0x2ab621eb in __libc_start_main (main=0x805feec <main>, argc=4, argv=0x7ffff9e4, init=0x804e8e0 <_init>, 
    fini=0x809420c <_fini>, rtld_fini=0x2aab5610 <_dl_fini>, stack_end=0x7ffff9dc) at ../sysdeps/generic/libc-start.c:90

 [2000-05-30 11:25 UTC] thies at cvs dot php dot net
fixed in CVS
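
Added example, not part of the original report and not the change committed to CVS: the query from the report rewritten with bind variables, so an apostrophe in the category path reaches Oracle as data and never alters the statement text handed to the parser. It uses the current OCI8 function names (oci_parse, oci_bind_by_name) rather than the PHP 4 names above; like_prefix() and count_categories() are hypothetical helpers, and the connection values are the placeholders from the report.

```php
<?php
// Added example: bind the category path instead of splicing it into the SQL text.
// CATEGORY, catpath and source come from the report; everything else is assumed.

// Escape LIKE wildcards in the data so only the trailing % acts as a wildcard.
function like_prefix(string $value, string $esc = '\\'): string
{
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $value
    ) . '%';
}

function count_categories($conn, string $path, int $source): int
{
    // The SQL text is constant; user data only ever travels through the binds.
    $sql = "select count(*) as C from CATEGORY
            where catpath like :path escape '\\' and source = :src";
    $stmt = oci_parse($conn, $sql);
    if ($stmt === false) {
        throw new RuntimeException(oci_error($conn)['message']);
    }
    $pattern = like_prefix($path);
    oci_bind_by_name($stmt, ':path', $pattern);
    oci_bind_by_name($stmt, ':src', $source, -1, SQLT_INT);
    if (!oci_execute($stmt)) {
        throw new RuntimeException(oci_error($stmt)['message']);
    }
    $row = oci_fetch_assoc($stmt);
    oci_free_statement($stmt);
    return (int) $row['C'];
}

// Constructed input: the same path as in the report, apostrophe included.
$path = "|Produktkatalog|edin's category|";
echo like_prefix($path), "\n";

// Runs the query only when the OCI8 extension and a reachable database exist.
if (function_exists('oci_connect') && ($conn = @oci_connect('what', 'ever', ''))) {
    echo count_categories($conn, $path, 140), "\n";
}
```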

 