Bug #62255 PDO ODBC Segfaults on SQL_SUCCESS_WITH_INFO with SQL_NO_TOTAL
Submitted: 2012-06-07 21:58 UTC Modified: 2014-01-01 12:37 UTC
Votes:5
Avg. Score:4.6 ± 0.8
Reproduced:5 of 5 (100.0%)
Same Version:2 (40.0%)
Same OS:2 (40.0%)
From: ramsden at shsu dot edu Assigned:
Status: Open Package: PDO ODBC
PHP Version: 5.3.13 OS: Linux
Private report: No CVE-ID:

 [2012-06-07 21:58 UTC] ramsden at shsu dot edu
Description:
------------
PDO ODBC is segfaulting when grabbing CLOB data from a MIMER database. When the
length of the column's content is <= 256 "C->fetched_len" is equal to the actual
length and the CLOB data is returned correctly. When it's greater than 256
"C->fetched_len" is equal to SQL_NO_TOTAL (-4) and we fall through to the ELSE
block in odbc_stmt.c:645.

The code prior to this patch
(https://github.com/php/php-src/commit/283accdf159ed98f5ac4d2f89f9ee2a2de1c946a#ext/pdo_odbc/odbc_stmt.c)
returned CLOB data correctly. With the call to emalloc() and memcpy() having
been replaced with a call to estrndup() we now see segfaults:


Sample table for code below:
---------------

create table blah.clobtest (
id bigint not null,
data clob,

primary key(id)
);

-- grabbing this works correctly
insert into blah.clobtest values (1,
'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxx'
);

-- grabbing this causes php pdo segfault
insert into blah.clobtest values (2,
'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
);

Test script:
---------------
<?php

try
{
    echo "connecting to local mimer...\n";

    $db = new PDO('odbc:DSN=test;UID=sysadm;PWD=password');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $stmt = $db->prepare("select id,data from blah.clobtest where id = 2");
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    print_r($row);
}
catch (Exception $e) 
{
    die($e->getMessage());
}

Expected result:
----------------
It should return an array('ID' => [int], 'DATA' => [string]) of CLOB data 
regardless of CLOB length.

Actual result:
--------------
colt@debian:~/Desktop$ gdb php
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/bin/php...done.
(gdb) run test.php
Starting program: /usr/local/bin/php test.php
[Thread debugging using libthread_db enabled]
connecting to local mimer...
[Thu Jun  7 16:39:35 2012]  Script:  'test.php'
---------------------------------------
/home/colt/Downloads/php-5.3.13/ext/pdo_odbc/odbc_stmt.c(679) : Block 0x08962910 status:
Invalid pointer: ((size=0x00000135) != (next.prev=0x78787878))
---------------------------------------

Program received signal SIGSEGV, Segmentation fault.
0x083c9188 in zend_mm_search_large_block (heap=0x8828470, true_size=8240) at /home/colt/Downloads/php-5.3.13/Zend/zend_alloc.c:1803
1803			if (ZEND_MM_FREE_BLOCK_SIZE(p) < ZEND_MM_FREE_BLOCK_SIZE(best_fit)) {
(gdb) bt
#0  0x083c9188 in zend_mm_search_large_block (heap=0x8828470, true_size=8240) at /home/colt/Downloads/php-5.3.13/Zend/zend_alloc.c:1803
#1  0x083c9349 in _zend_mm_alloc_int (heap=0x8828470, size=8192, __zend_filename=0x87a5b88 "/home/colt/Downloads/php-5.3.13/ext/pdo_odbc/odbc_stmt.c",
    __zend_lineno=679, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/colt/Downloads/php-5.3.13/Zend/zend_alloc.c:1862
#2  0x083c9b15 in _zend_mm_realloc_int (heap=0x8828470, p=0x8962910, size=8192, __zend_filename=0x87a5b88 "/home/colt/Downloads/php-5.3.13/ext/pdo_odbc/odbc_stmt.c",
    __zend_lineno=679, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/colt/Downloads/php-5.3.13/Zend/zend_alloc.c:2056
#3  0x083caa39 in _erealloc (ptr=0x8962910, size=8192, allow_failure=0, __zend_filename=0x87a5b88 "/home/colt/Downloads/php-5.3.13/ext/pdo_odbc/odbc_stmt.c",
    __zend_lineno=679, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/colt/Downloads/php-5.3.13/Zend/zend_alloc.c:2371
#4  0x082106a7 in odbc_stmt_get_col (stmt=0x8961658, colno=1, ptr=0xbfffcd8c, len=0xbfffcd88, caller_frees=0xbfffcd84, tsrm_ls=0x8827050)
    at /home/colt/Downloads/php-5.3.13/ext/pdo_odbc/odbc_stmt.c:679
#5  0x0820590a in fetch_value (stmt=0x8961658, dest=0x89628cc, colno=1, type_override=0x0, tsrm_ls=0x8827050)
    at /home/colt/Downloads/php-5.3.13/ext/pdo/pdo_stmt.c:561
#6  0x0820739e in do_fetch (stmt=0x8961658, do_bind=1, return_value=0x896279c, how=PDO_FETCH_ASSOC, ori=PDO_FETCH_ORI_NEXT, offset=0, return_all=0x0,
    tsrm_ls=0x8827050) at /home/colt/Downloads/php-5.3.13/ext/pdo/pdo_stmt.c:1046
#7  0x0820815e in zim_PDOStatement_fetch (ht=1, return_value=0x896279c, return_value_ptr=0x0, this_ptr=0x8960260, return_value_used=1, tsrm_ls=0x8827050)
    at /home/colt/Downloads/php-5.3.13/ext/pdo/pdo_stmt.c:1322
#8  0x084278c5 in zend_do_fcall_common_helper_SPEC (execute_data=0x8990de4, tsrm_ls=0x8827050) at /home/colt/Downloads/php-5.3.13/Zend/zend_vm_execute.h:320
#9  0x0842812d in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x8990de4, tsrm_ls=0x8827050) at /home/colt/Downloads/php-5.3.13/Zend/zend_vm_execute.h:425
#10 0x08426b5e in execute (op_array=0x8960110, tsrm_ls=0x8827050) at /home/colt/Downloads/php-5.3.13/Zend/zend_vm_execute.h:107
#11 0x083f43f1 in zend_execute_scripts (type=8, tsrm_ls=0x8827050, retval=0x0, file_count=3) at /home/colt/Downloads/php-5.3.13/Zend/zend.c:1236
#12 0x0836eb1e in php_execute_script (primary_file=0xbffff3a8, tsrm_ls=0x8827050) at /home/colt/Downloads/php-5.3.13/main/main.c:2308
#13 0x084d06ba in main (argc=2, argv=0xbffff524) at /home/colt/Downloads/php-5.3.13/sapi/cli/php_cli.c:1184
(gdb) 
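
Added example (not part of the original report and not PHP's own code): the heap check above shows a block header field holding 0x78787878, which is 'xxxx' from the column data, so this C sketch reads a long column in chunks and treats the length indicator as a length only when the call returns SQL_SUCCESS. mock_get_data, struct mock_col and read_column are hypothetical names, and the mock assumes ODBC's documented SQLGetData behaviour for character data (at most buflen-1 bytes plus a NUL per call).

```c
#include <stdlib.h>
#include <string.h>

/* ODBC return codes / indicator value (same numbers as the ODBC headers). */
#define SQL_SUCCESS           0
#define SQL_SUCCESS_WITH_INFO 1
#define SQL_NO_TOTAL        (-4)
#define CHUNK 256

/* Constructed stand-in for SQLGetData(SQL_C_CHAR): copies at most buflen-1
 * bytes, NUL-terminates, and reports SQL_NO_TOTAL while data remains. */
struct mock_col { const char *data; size_t len, pos; };

static int mock_get_data(struct mock_col *c, char *buf, long buflen, long *ind)
{
    size_t left = c->len - c->pos;
    size_t n = left < (size_t)buflen - 1 ? left : (size_t)buflen - 1;
    memcpy(buf, c->data + c->pos, n);
    buf[n] = '\0';
    c->pos += n;
    *ind = n < left ? SQL_NO_TOTAL : (long)n;
    return n < left ? SQL_SUCCESS_WITH_INFO : SQL_SUCCESS;
}

/* Read a whole column; returns a NUL-terminated heap copy or NULL. */
char *read_column(struct mock_col *c, size_t *out_len)
{
    char chunk[CHUNK], *buf = NULL, *tmp;
    size_t used = 0, n;
    long ind;
    int rc;

    do {
        rc = mock_get_data(c, chunk, CHUNK, &ind);
        if (rc == SQL_SUCCESS_WITH_INFO)
            n = CHUNK - 1;               /* truncated: ignore ind, may be -4 */
        else if (rc == SQL_SUCCESS && ind >= 0 && ind < CHUNK)
            n = (size_t)ind;             /* final chunk: ind is its length */
        else { free(buf); return NULL; } /* error, NULL or bad indicator */
        tmp = realloc(buf, used + n + 1); /* grow before copying */
        if (!tmp) { free(buf); return NULL; }
        buf = tmp;
        memcpy(buf + used, chunk, n);
        buf[used += n] = '\0';
    } while (rc == SQL_SUCCESS_WITH_INFO);
    *out_len = used;
    return buf;
}
```
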

 [2014-01-01 12:37 UTC] felipe@php.net
-Package: PDO related +Package: PDO ODBC
 