|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54296 Crash in SQLite3Stmt internal object destructor
Submitted: 2011-03-17 15:48 UTC Modified: 2021-02-21 04:22 UTC
Avg. Score:3.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: decoder-php at own-hero dot net Assigned: cmb (profile)
Status: No Feedback Package: Reproducible crash
PHP Version: 5.3.5 OS: Linux x86-64
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2011-03-17 15:48 UTC] decoder-php at own-hero dot net
The attached code crashes on PHP5.3.5 (debug build).

Test script:
$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE test (whatever INTEGER)');
$db->exec('INSERT INTO test (whatever) VALUES (1)');
$result = $db->query('SELECT * FROM test');
while ($row = $result->fetchArray(SQLITE3_NUM)) {

Actual result:
==30655== Invalid read of size 8
==30655==    at 0x7C5DEA: zend_llist_del_element (zend_llist.c:97)
==30655==    by 0x49EF70: php_sqlite3_stmt_object_free_storage (sqlite3.c:1936)
==30655==    by 0x800A1C: zend_objects_store_free_object_storage (zend_objects_API.c:92)
==30655==    by 0x7C1326: shutdown_executor (zend_execute_API.c:302)
==30655==    by 0x7D2685: zend_deactivate (zend.c:890)
==30655==    by 0x75C7B5: php_request_shutdown (main.c:1633)
==30655==    by 0x8B7FEB: main (php_cli.c:1374)
==30655==  Address 0x5a5a5a5a5a5a5a5a is not stack'd, malloc'd or (recently) free'd
==30655== Process terminating with default action of signal 11 (SIGSEGV)


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-03-23 02:03 UTC]
-Summary: Crash in zend_llist_del_element +Summary: Crash in SQLite3Stmt internal object destructor
 [2011-03-23 02:03 UTC]
It seems a bit related to bug #53626.
 [2011-12-27 09:19 UTC]
-Status: Open +Status: Assigned -Assigned To: +Assigned To: scottmac
 [2012-06-03 18:32 UTC]
-Type: Security +Type: Bug
 [2017-10-24 06:13 UTC]
-Status: Assigned +Status: Open -Assigned To: scottmac +Assigned To:
 [2021-01-09 20:40 UTC] sji at sj-i dot dev
cannot reproduce this on 8.0.1-debug
 [2021-02-12 11:37 UTC]
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-02-12 11:37 UTC]
Can anyone still reproduce this segfault with any of the actively
supported PHP versions[1]?

[1] <>
 [2021-02-21 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Wed Dec 07 11:05:53 2022 UTC