php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #66311 Stack smashing protection kills PDO/ODBC queries
Submitted: 2013-12-17 20:06 UTC Modified: 2013-12-22 11:43 UTC
From: michael at orlitzky dot com Assigned: felipe (profile)
Status: Closed Package: ODBC related
PHP Version: master-Git-2013-12-17 (Git) OS: Gentoo Linux
Private report: No CVE-ID: None
View Developer Edit
 [2013-12-17 20:06 UTC] michael at orlitzky dot com 
Description:
------------
The background and test code for the issue can be found at,

  https://bugs.gentoo.org/show_bug.cgi?id=491100

In ext/pdo_odbc/odbc_stmt.c, there is a function odbc_stmt_describe which declares variables,

  SDWORD colsize, displaysize;

Later the displaysize variable is filled via a call to SQLColAttribute:

  rc = SQLColAttribute(S->stmt, colno+1,
                       SQL_DESC_DISPLAY_SIZE,
                       NULL, 0, NULL, &displaysize);

According to /usr/include/sqlucode.h, the final parameter to SQLColAttribute should be of type SQLLEN instead of SDWORD. When displaysize's value is finally used,

  colsize = displaysize;
  col->maxlen = S->cols[colno].datalen = colsize;

The stack smashing protection kicks in due to the mismatched types, and the program segfaults. Replacing the SDWORD type with SQLLEN avoids the issue (although there are other type warnings in the same file).

Patches

0001-Change-a-variable-s-type-from-SDWORD-to-SQLLEN-to-av.patch (last revision 2013-12-17 20:07 UTC by michael at orlitzky dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-12-17 20:13 UTC] aharvey@php.net
-Package: PDO related +Package: ODBC related
 [2013-12-22 11:43 UTC] felipe@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: felipe
 [2013-12-22 11:43 UTC] felipe@php.net 
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.
 [2013-12-23 11:48 UTC] ab@php.net 
Automatic comment on behalf of felipensp@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=aaca4ede153f9cf26277164d14f3499f76d0e69d
Log: - Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries) patch by: michael at orlitzky dot com
 [2013-12-23 22:43 UTC] ab@php.net 
Automatic comment on behalf of felipensp@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=a05611358606ca21672c49d26c77b7b0c81cab07
Log: - Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries) patch by: michael at orlitzky dot com
 [2014-08-22 07:07 UTC] ab@php.net 
Automatic comment on behalf of felipensp@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=aaca4ede153f9cf26277164d14f3499f76d0e69d
Log: - Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries) patch by: michael at orlitzky dot com
 [2014-10-07 23:16 UTC] stas@php.net 
Automatic comment on behalf of felipensp@gmail.com
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=a05611358606ca21672c49d26c77b7b0c81cab07
Log: - Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries) patch by: michael at orlitzky dot com
 [2014-10-07 23:27 UTC] stas@php.net 
Automatic comment on behalf of felipensp@gmail.com
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=a05611358606ca21672c49d26c77b7b0c81cab07
Log: - Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries) patch by: michael at orlitzky dot com
 [2016-07-20 11:41 UTC] davey@php.net 
Automatic comment on behalf of felipensp@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=aaca4ede153f9cf26277164d14f3499f76d0e69d
Log: - Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries) patch by: michael at orlitzky dot com
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 11:01:29 2024 UTC