Bug #56800 Core dumped when do ocilogon oci8-1.1.1
Submitted: 2006-01-26 06:16 UTC Modified: 2006-01-26 06:23 UTC
From: eda at vaz dot ru Assigned:
Status: Not a bug Package: oci8 (PECL)
PHP Version: 5_1 CVS-2006-01-26 OS: RedHat AS 4.0
Private report: No CVE-ID: None
 [2006-01-26 06:16 UTC] eda at vaz dot ru
Description:
------------
<script language="php">
$PHP_AUTH_USER="eda";
$PHP_AUTH_PW="cfvjujy1";
$C_SID="ITDC";


  $conn = OCILogon($PHP_AUTH_USER,$PHP_AUTH_PW,$C_SID);
  if(!$conn):
        print "BEDA\n";
 else:
        print "OK\n";
 endif;
</script>



Reproduce code:
---------------
File oci.c
---------  
void php_oci_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent, int exclusive)
{
        php_oci_connection *connection;
        char *username, *password;
        char *dbname = NULL, *charset = NULL;
        long username_len, password_len;
        long dbname_len = 0, charset_len = 0;
        long session_mode = OCI_DEFAULT;

        /* if a fourth parameter is handed over, it is the charset identifier (but is only used in Oracle 9i+) */
        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss|ssl", &username, &username_len, &password, &password_len, &dbname, &dbname_len, &charset, &charset_len, &session_mode) == FAILURE) {
---------------------

username_len, password_len, dbname_len, charset_len are declared as "long". Why not "int"?

Example from the file "README.PARAMETER_PARSING_API" in the PHP sources:
----------
/* Gets a long, a string and its length, and a zval */
long l;
char *s;
int s_len;      // <<<<<<<<< INT !
zval *param;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "lsz",
                                                  &l, &s, &s_len, &param) == FAILURE) {
        return;
}
-----------


Expected result:
----------------
CORE

Actual result:
--------------
BACKTRACE 
-----------
0x2000000000e81220 in memcpy () from /lib/tls/libc.so.6.1
(gdb) backtrace
#0  0x2000000000e81220 in memcpy () from /lib/tls/libc.so.6.1
#1  0x2000000004726750 in php_oci_do_connect_ex (username=0x600000000029c958 "eda", username_len=429496729603, password=0x600000000029cd98 "MyPassword", password_len=6917529027641081864, new_password=0x0, new_password_len=0, dbname=0x600000000029ce28 "ITDC", dbname_len=4, charset=0x0, session_mode=0, persistent=0, exclusive=0) at /usr/src/debug/php-oci8-5.1.2/oci8.c:909


>>>>>>>> username_len,password_len WRONG !!!!! 


#2  0x20000000047291f0 in php_oci_do_connect (ht=3, return_value=0x6000000000281498, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, persistent=0, exclusive=0) at /usr/src/debug/php-oci8-5.1.2/oci8.c:870
#3  0x200000000473e9d0 in zif_oci_connect (ht=3, return_value=0x6000000000281498, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /usr/src/debug/php-oci8-5.1.2/oci8_interface.c:1474
#4  0x40000000003bfe00 in execute ()
#5  0x40000000003be830 in execute ()
#6  0x4000000000377950 in zend_execute_scripts ()
#7  0x40000000002e57e0 in php_execute_script ()
#8  0x40000000004bcb20 in main ()
(gdb) list 'php_oci_do_connect_ex'
Line 882 of "/usr/src/debug/php-oci8-5.1.2/oci8.c" starts at address 0x2000000004726520 <php_oci_do_connect_ex> and ends at 0x2000000004726521 <php_oci_do_connect_ex+1>.
/usr/src/debug/php-oci8-5.1.2/oci8.c:882:32419:beg:0x2000000004726520
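
The two lengths in frame #1 of the backtrace split cleanly into a 32-bit half holding a plausible string length (3 for "eda", 8 for the password in the script) and a 32-bit half of leftover data, which is what a 4-byte store into an 8-byte variable produces. The following is an added example, not code from the report or from the PHP sources; `store_len_as_int` and the other function names are hypothetical, and it assumes a little-endian platform where the caller's length variable is 64 bits wide and `int` is 32 bits.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the "s" specifier: it stores the string length
 * as a 32-bit int at the address it was given, whatever the caller declared. */
static void store_len_as_int(void *dest, int len)
{
    memcpy(dest, &len, sizeof len);      /* writes 4 bytes only */
}

/* Caller that declared the length as a 64-bit integer. `stale` models the
 * uninitialised contents of that stack slot before the call. */
static int64_t len_seen_by_caller(int64_t stale, const char *s)
{
    int64_t slot = stale;
    store_len_as_int(&slot, (int)strlen(s));
    return slot;                         /* upper 4 bytes are still stale */
}

/* Split a length from the backtrace into the half that was written and
 * the half that was never touched (little-endian layout). */
static uint32_t written_half(int64_t v)   { return (uint32_t)((uint64_t)v & 0xffffffffu); }
static uint32_t untouched_half(int64_t v) { return (uint32_t)((uint64_t)v >> 32); }

/* Same call with the length declared as int, as in the README example. */
static int len_with_int_decl(const char *s)
{
    int slot = -1;                       /* constructed stale value */
    store_len_as_int(&slot, (int)strlen(s));
    return slot;
}

int main(void)
{
    /* Values copied from frame #1 of the backtrace. */
    const int64_t username_len = 429496729603LL;
    const int64_t password_len = 6917529027641081864LL;

    printf("username_len: written=%u untouched=0x%x\n",
           (unsigned)written_half(username_len), (unsigned)untouched_half(username_len));
    printf("password_len: written=%u untouched=0x%x\n",
           (unsigned)written_half(password_len), (unsigned)untouched_half(password_len));
    /* Constructed stale value 100 << 32 reproduces the first number. */
    printf("simulated: %lld\n",
           (long long)len_seen_by_caller((int64_t)100 << 32, "eda"));
    printf("int decl:  %d\n", len_with_int_decl("eda"));
    return 0;
}
```

A length that carries non-zero upper bits like this reaches `memcpy` as a multi-gigabyte copy size, which matches the crash location in frame #0.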


 [2006-01-26 06:23 UTC] tony2001 at phpclub dot net
For some weird reason you're using old OCI8 from PECL with 5.1.2, while new OCI8 already comes with 5.1.2.
Don't do it, use the bundled one.
 
Last updated: Wed Jun 26 05:01:25 2019 UTC