Bug #54296 Crash in SQLite3Stmt internal object destructor
Submitted: 2011-03-17 15:48 UTC
Modified: 2017-10-24 06:13 UTC
Avg. Score: 3.0 ± 0.0
Reproduced: 0 of 1 (0.0%)
From: decoder-php at own-hero dot net
Assigned:
Status: Open
Package: Reproducible crash
PHP Version: 5.3.5
OS: Linux x86-64
Private report: No
CVE-ID: None


 [2011-03-17 15:48 UTC] decoder-php at own-hero dot net
The attached code crashes on PHP5.3.5 (debug build).

Test script:
$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE test (whatever INTEGER)');
$db->exec('INSERT INTO test (whatever) VALUES (1)');
$result = $db->query('SELECT * FROM test');
while ($row = $result->fetchArray(SQLITE3_NUM)) {

Actual result:
==30655== Invalid read of size 8
==30655==    at 0x7C5DEA: zend_llist_del_element (zend_llist.c:97)
==30655==    by 0x49EF70: php_sqlite3_stmt_object_free_storage (sqlite3.c:1936)
==30655==    by 0x800A1C: zend_objects_store_free_object_storage (zend_objects_API.c:92)
==30655==    by 0x7C1326: shutdown_executor (zend_execute_API.c:302)
==30655==    by 0x7D2685: zend_deactivate (zend.c:890)
==30655==    by 0x75C7B5: php_request_shutdown (main.c:1633)
==30655==    by 0x8B7FEB: main (php_cli.c:1374)
==30655==  Address 0x5a5a5a5a5a5a5a5a is not stack'd, malloc'd or (recently) free'd
==30655== Process terminating with default action of signal 11 (SIGSEGV)


 [2011-03-23 02:03 UTC]
-Summary: Crash in zend_llist_del_element
+Summary: Crash in SQLite3Stmt internal object destructor
 [2011-03-23 02:03 UTC]
It seems a bit related to bug #53626.
 [2011-12-27 09:19 UTC]
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: scottmac
 [2012-06-03 18:32 UTC]
-Type: Security
+Type: Bug
 [2017-10-24 06:13 UTC]
-Status: Assigned
+Status: Open
-Assigned To: scottmac
+Assigned To:
 [2021-01-09 20:40 UTC] sji at sj-i dot dev
cannot reproduce this on 8.0.1-debug
Last updated: Wed Jan 20 20:01:24 2021 UTC