Bug #63700 Buffer overrun in mysqlnd_reverse_api_register_api
Submitted: 2012-12-05 20:01 UTC Modified: 2012-12-05 22:52 UTC
Votes:1
Avg. Score:2.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: slangley at google dot com Assigned: mysql
Status: Assigned Package: MySQL related
PHP Version: 5.4.9 OS: N/A
Private report: No CVE-ID:

 [2012-12-05 20:01 UTC] slangley at google dot com
Description:
------------
Address sanitizer detected a buffer overrun.

ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff149259af at pc 0x7f3cfb7b1840 bp 0x7fff149258d0 sp 0x7fff149258c8
READ of size 1 at 0x7fff149259af thread T0
    #0 0x7f3cfb7b183f php/v5_4_8/Zend/zend_hash.c:261 _zend_hash_add_or_update
    #1 0x7f3cfba67ea1 php/v5_4_8/ext/mysqlnd/mysqlnd_reverse_api.c:63 mysqlnd_reverse_api_register_api
    #2 0x7f3cfbb64bd3 php/v5_4_8/ext/pdo_mysql/pdo_mysql.c:123 zm_startup_pdo_mysql
    #3 0x7f3cfb55af8d php/v5_4_8/Zend/zend_API.c:1661 zend_startup_module_ex
    #4 0x7f3cfb7b5041 php/v5_4_8/Zend/zend_hash.c:716 zend_hash_apply
    #5 0x7f3cfb55ba8e php/v5_4_8/Zend/zend_API.c:1788 zend_startup_modules
    #6 0x7f3cfbf3b447 php/v5_4_8/main/main.c:2205 php_module_startup

Here's the patch to fix it

--- v5_4_8/ext/mysqlnd/mysqlnd_reverse_api.c.orig	2012-12-05 
11:50:33.000000000 -0800
+++ v5_4_8/ext/mysqlnd/mysqlnd_reverse_api.c	2012-12-05 11:50:52.000000000 
-0800
@@ -61,7 +61,7 @@
 mysqlnd_reverse_api_register_api(MYSQLND_REVERSE_API * apiext TSRMLS_DC)
 {
 	zend_hash_add(&mysqlnd_api_ext_ht, apiext->module->name, strlen(apiext-
>module->name) + 1, &apiext,
-				  sizeof(MYSQLND_REVERSE_API), NULL);
+				  sizeof(void*), NULL);
 }
 /* }}} */
 
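Review bot: On the + line, sizeof(void*) gives the right length but names a type unrelated to the argument; because the data pointer passed is &apiext, writing sizeof(apiext) or sizeof(MYSQLND_REVERSE_API *) would keep the length tied to the object actually being copied. That coupling is what the removed line got wrong: it passed the size of the whole MYSQLND_REVERSE_API struct for a pointer-sized parameter on the stack, which matches the stack-buffer-overflow READ reported in _zend_hash_add_or_update. The return value of zend_hash_add is also unused in the visible lines, so it is worth checking or at least commenting on why it can be ignored.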



 [2012-12-05 22:52 UTC] johannes@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: mysql
 
Last updated: Fri Mar 24 18:01:43 2017 UTC