|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66311 Stack smashing protection kills PDO/ODBC queries
Submitted: 2013-12-17 20:06 UTC Modified: 2013-12-22 11:43 UTC
From: michael at orlitzky dot com Assigned: felipe
Status: Closed Package: ODBC related
PHP Version: master-Git-2013-12-17 (Git) OS: Gentoo Linux
Private report: No CVE-ID:
 [2013-12-17 20:06 UTC] michael at orlitzky dot com
The background and test code for the issue can be found at,

In ext/pdo_odbc/odbc_stmt.c, there is a function odbc_stmt_describe which declares variables,

  SDWORD colsize, displaysize;

Later the displaysize variable is filled via a call to SQLColAttribute:

  rc = SQLColAttribute(S->stmt, colno+1,
                       NULL, 0, NULL, &displaysize);

According to /usr/include/sqlucode.h, the final parameter to SQLColAttribute should be of type SQLLEN instead of SDWORD. When displaysize's value is finally used,

  colsize = displaysize;
  col->maxlen = S->cols[colno].datalen = colsize;

The stack smashing protection kicks in due to the mismatched types, and the program segfaults. Replacing the SDWORD type with SQLLEN avoids the issue (although there are other type warnings in the same file).


0001-Change-a-variable-s-type-from-SDWORD-to-SQLLEN-to-av.patch (last revision 2013-12-17 20:07 UTC) by michael at orlitzky dot com)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2013-12-17 20:13 UTC]
-Package: PDO related +Package: ODBC related
 [2013-12-22 11:43 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: felipe
 [2013-12-22 11:43 UTC]
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at

 For Windows:
Thank you for the report, and for helping us make PHP better.

 [2013-12-23 11:48 UTC]
Automatic comment on behalf of
Log: - Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries) patch by: michael at orlitzky dot com
 [2013-12-23 22:43 UTC]
Automatic comment on behalf of
Log: - Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries) patch by: michael at orlitzky dot com
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 02:02:10 2014 UTC