Bug #63258 seg fault with PDO and dblib using DBSETOPT(H->link, DBQUOTEDIDENT, 1);
Submitted: 2012-10-10 22:25 UTC Modified: 2013-01-19 02:55 UTC
From: paul dot visco at roswellpark dot org Assigned: ssufficool (profile)
Status: Closed Package: PDO related
PHP Version: 5.4.7 OS: centos 5.8
Private report: No CVE-ID: None
 [2012-10-10 22:25 UTC] paul dot visco at roswellpark dot org
Description:
------------
Revision #300716 to the PHP source for /ext/pdo_dblib/, which adds support for double-quoted field values, causes a segfault on our system. According to https://bugs.php.net/bug.php?id=47588, line 318 was added to support quoted field names. If pdo_dblib is recompiled without line 318 it works fine, no segfault. My patch just comments out the line, which is really not a solution, but it allows us to use the driver again.

PHP: 5.4.7
SYSTEM: CentOS 5.8
TSQL:
Version: freetds v0.91
freetds.conf directory: /etc
MS db-lib source compatibility: yes
Sybase binary compatibility: yes
Thread safety: yes
iconv library: yes
TDS version: 4.2
iODBC: no
unixodbc: yes
SSPI "trusted" logins: no
Kerberos: yes

Test script:
---------------
<?php
$db = new PDO('dblib:host=somehost.somesite.org;charset=UTF-8;', 'username', 'password');


Expected result:
----------------
Segmentation fault

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00000036b68788e0 in strlen () from /lib64/libc.so.6
(gdb) bt
#0  0x00000036b68788e0 in strlen () from /lib64/libc.so.6
#1  0x00000036b6846e77 in vfprintf () from /lib64/libc.so.6
#2  0x00000036b68e74a7 in __vfprintf_chk () from /lib64/libc.so.6
#3  0x00002aaab1e6ece5 in ?? () from /usr/lib64/libsybdb.so.5
#4  0x00002aaab1e43dd8 in dbsetopt () from /usr/lib64/libsybdb.so.5
#5  0x00002aaab2e51447 in pdo_dblib_handle_factory (dbh=0x2aaaaab0c298, driver_options=<value optimized out>)
    at /home/visco/php-5.4.7/ext/pdo_dblib_orig/dblib_driver.c:318
#6  0x00002aaab2c40099 in zim_PDO_dbh_constructor (ht=<value optimized out>, return_value=<value optimized out>, 
    return_value_ptr=<value optimized out>, this_ptr=0x2aaaaab0a8f0, return_value_used=<value optimized out>)
    at /home/visco/php-5.4.7/ext/pdo/pdo_dbh.c:380
#7  0x00002aaaae23df42 in xdebug_execute_internal (current_execute_data=0x2aaaaaad5060, return_value_used=0)
    at /tmp/tmpBeyREt/xdebug-2.2.1/xdebug.c:1483
#8  0x00000000006008e7 in ?? ()
#9  0x000000000060680e in execute ()
#10 0x00002aaaae24061f in xdebug_execute (op_array=0x2aaaaab0b160) at /tmp/tmpBeyREt/xdebug-2.2.1/xdebug.c:1391
#11 0x00000000005d1dbe in zend_execute_scripts ()
#12 0x00000000005770d8 in php_execute_script ()
#13 0x00000000006789cd in ?? ()
#14 0x000000000067934d in ?? ()
#15 0x00000036b681d994 in __libc_start_main () from /lib64/libc.so.6
#16 0x00000000004239c9 in _start ()


Patches

dblib_driver.patch (last revision 2012-10-10 22:26 UTC by paul dot visco at roswellpark dot org)


History

 [2012-10-11 10:22 UTC] laruence@php.net
according to MSDN, the fix should be:

diff --git a/ext/pdo_dblib/dblib_driver.c b/ext/pdo_dblib/dblib_driver.c
index 77832f9..baf1dcc 100644
--- a/ext/pdo_dblib/dblib_driver.c
+++ b/ext/pdo_dblib/dblib_driver.c
@@ -315,7 +315,7 @@ static int pdo_dblib_handle_factory(pdo_dbh_t *dbh, zval 
*driver_options TSRMLS_
 	DBSETOPT(H->link, DBTEXTSIZE, "2147483647");
 
 	/* allow double quoted indentifiers */
-	DBSETOPT(H->link, DBQUOTEDIDENT, 1);
+	DBSETOPT(H->link, DBQUOTEDIDENT, NULL);
 
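Review bot: The removed line passes the integer literal 1 in the slot that dbsetopt treats as its string parameter, and the reported backtrace (strlen called from vfprintf inside dbsetopt in libsybdb) is consistent with the library running that value through a %s-style conversion and dereferencing address 1; replacing it with NULL, as the MSDN note quoted in this comment requires for DBQUOTEDIDENT, is the right fix. Contrast the unchanged context line `DBSETOPT(H->link, DBTEXTSIZE, "2147483647");`, which shows the parameter form the option-with-argument case expects. While touching this block, the context comment `/* allow double quoted indentifiers */` has a typo ("identifiers").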

see: http://msdn.microsoft.com/en-us/library/aa937147(v=sql.80).aspx

"Note  When you use DBQUOTEDIDENT, you must set param to NULL."
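The crash in this thread comes from one option setter serving two kinds of options: DBTEXTSIZE takes a string parameter, while DBQUOTEDIDENT takes none and, per the MSDN note above, must receive NULL. The following is an added example, not code from PHP, FreeTDS or this report: a hypothetical db-lib-style setter (demo_setopt, with constructed option names and SQL templates) that records which contract each option has and refuses a parameter that violates it before anything is handed to a %s conversion, which is the step the reporter's backtrace shows failing inside strlen(). The real dbsetopt() signature, option numbers and internal formatting are not reproduced.

```c
/* Added example: a hypothetical option setter that models the two option
 * kinds visible in the patched dblib_driver.c context. Everything here
 * (demo_option, option_spec, demo_setopt, the SQL templates) is constructed
 * for illustration and is not FreeTDS or PHP code. */
#include <stdio.h>
#include <string.h>

enum demo_option { DEMO_TEXTSIZE = 1, DEMO_QUOTEDIDENT = 2 };

struct option_spec {
    enum demo_option opt;
    const char *sql_template;  /* contains one %s only when takes_param is 1 */
    int takes_param;           /* 1: a non-NULL string is required; 0: param must be NULL */
};

static const struct option_spec specs[] = {
    { DEMO_TEXTSIZE,    "SET TEXTSIZE %s",          1 },
    { DEMO_QUOTEDIDENT, "SET QUOTED_IDENTIFIER ON", 0 },
};

/* Builds the statement the option would send into out.
 * Returns 0 on success, -1 on a contract violation: unknown option, missing
 * required parameter, a parameter supplied to a parameterless option, or an
 * output buffer that is too small. The parameter pointer is checked against
 * NULL before any %s conversion sees it, so a bogus non-NULL value such as
 * the integer 1 from the original bug is rejected rather than dereferenced. */
int demo_setopt(enum demo_option opt, const char *param, char *out, size_t outlen)
{
    size_t i;
    for (i = 0; i < sizeof specs / sizeof specs[0]; i++) {
        const struct option_spec *s = &specs[i];
        int written;
        if (s->opt != opt)
            continue;
        if (s->takes_param) {
            if (param == NULL)
                return -1;               /* string option with no string */
            written = snprintf(out, outlen, s->sql_template, param);
        } else {
            if (param != NULL)
                return -1;               /* the DBQUOTEDIDENT, 1 mistake */
            written = snprintf(out, outlen, "%s", s->sql_template);
        }
        if (written < 0 || (size_t)written >= outlen)
            return -1;                   /* truncated: never send a partial statement */
        return 0;
    }
    return -1;                           /* unknown option */
}

int main(void)
{
    char buf[64];
    int rc;

    rc = demo_setopt(DEMO_TEXTSIZE, "2147483647", buf, sizeof buf);
    printf("%d %s\n", rc, buf);

    rc = demo_setopt(DEMO_QUOTEDIDENT, NULL, buf, sizeof buf);
    printf("%d %s\n", rc, buf);

    /* A non-NULL "parameter" for a parameterless option. The original code
     * passed the integer 1 converted to a pointer; a real string stands in
     * here so that the demo itself cannot crash. */
    rc = demo_setopt(DEMO_QUOTEDIDENT, "1", buf, sizeof buf);
    printf("%d (rejected)\n", rc);
    return 0;
}
```

The point of the table is that the caller's contract (string or no string) is encoded once, next to the option, so a mismatch is reported as a return code at the call site instead of surfacing three library frames down as a SIGSEGV in strlen(). The PHP driver could apply the same discipline by checking DBSETOPT's return value after each call in pdo_dblib_handle_factory.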
 [2012-10-11 10:22 UTC] laruence@php.net
-Assigned To: +Assigned To: ssufficool
 [2012-10-11 10:23 UTC] laruence@php.net
ssufficool, do you have time to look into this?

It seems you intentionally changed the "NULL" to "1" in https://github.com/php/php-src/commit/36b8c4cb

thanks
 [2012-10-11 16:21 UTC] ssufficool@php.net
The patch looks legit. I'm not sure why I used 1 instead of null for the parameter value. I have not posted patches since the source was moved to git. Please merge this change for me if possible.
 [2012-10-12 02:38 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0c0b5a3543f37dc3dfe7fa55629f2749c0b05294
Log: Fixed bug #63258 (seg fault with PDO and dblib using DBSETOPT(H->link, DBQUOTEDIDENT, 1))
 [2012-10-12 02:38 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2012-10-12 02:39 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=0c0b5a3543f37dc3dfe7fa55629f2749c0b05294
Log: Fixed bug #63258 (seg fault with PDO and dblib using DBSETOPT(H->link, DBQUOTEDIDENT, 1))
 [2013-01-18 13:03 UTC] f dot marquis at of2m dot fr
This patch seems to cause an error:
#63638 Cannot connect to SQL Server 2008 with PDO dblib
 [2013-01-19 02:55 UTC] ssufficool@php.net
Are you compiling against FreeTDS or Sybase libs? It looks like the segfault is in the DB LIB, not PHP. FreeTDS is passing a null pointer (or something invalid) to the libc strlen() function.

To further debug this issue, FreeTDS will need to be recompiled with debug symbols intact, php recompiled and the segfault back trace reproduced. This will give better insight to the code generating the error.
 [2013-01-21 09:33 UTC] f dot marquis at of2m dot fr
Currently using FreeTDS, on CentOS 6.3.
 [2013-06-18 17:07 UTC] jwatson at fh dot org
Is there any chance this might make it into a PHP 5.4.x release? I looked in the repo and saw that this is only checked in to PHP5.5. This is a critical bug-fix for existing systems.
 [2013-08-05 02:19 UTC] stas@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f20d28a6b1c53fce4d1171dd92ebe341547f1627
Log: Fixed bug #63258 (seg fault with PDO and dblib using DBSETOPT(H->link, DBQUOTEDIDENT, 1))
 [2013-11-17 09:30 UTC] laruence@php.net
Automatic comment on behalf of stas
Revision: http://git.php.net/?p=php-src.git;a=commit;h=f20d28a6b1c53fce4d1171dd92ebe341547f1627
Log: Fixed bug #63258 (seg fault with PDO and dblib using DBSETOPT(H->link, DBQUOTEDIDENT, 1))
 [2014-10-07 23:22 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=0c0b5a3543f37dc3dfe7fa55629f2749c0b05294
Log: Fixed bug #63258 (seg fault with PDO and dblib using DBSETOPT(H->link, DBQUOTEDIDENT, 1))
 [2014-10-07 23:32 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=0c0b5a3543f37dc3dfe7fa55629f2749c0b05294
Log: Fixed bug #63258 (seg fault with PDO and dblib using DBSETOPT(H->link, DBQUOTEDIDENT, 1))
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Dec 01 19:03:37 2021 UTC