PHP :: Bug #68266 :: SegFault in SolrDisMaxQuery::addQueryField

Bug #68266	SegFault in SolrDisMaxQuery::addQueryField
Submitted:	2014-10-20 00:20 UTC	Modified:	2014-10-20 00:21 UTC
From:	omars@php.net	Assigned:	omars (profile)
Status:	Closed	Package:	solr (PECL)
PHP Version:	Irrelevant	OS:	Irrelevant
Private report:	No	CVE-ID:	None

View Developer Edit

[2014-10-20 00:20 UTC] omars@php.net

Description:
------------
Segmentation fault caused by SolrDisMaxQuery::addQueryField

Test script:
---------------
$dismaxQuery = new SolrDisMaxQuery('score');
$dismaxQuery
->addQueryField("price")
->addQueryField("location", 4);
echo $dismaxQuery;

Expected result:
----------------
defType=dismax&q=score&qf=price location^4

Actual result:
--------------
==18859== Invalid read of size 4
==18859==    at 0xB57778E: zim_SolrDisMaxQuery_addQueryField (php_solr_dismax_query.c:152)
==18859==    by 0x89B3E3: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==18859==    by 0x89BE78: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:685)
==18859==    by 0x89A715: execute_ex (zend_vm_execute.h:363)
==18859==    by 0x89A7FB: zend_execute (zend_vm_execute.h:388)
==18859==    by 0x855192: zend_execute_scripts (zend.c:1316)
==18859==    by 0x7976B5: php_execute_script (main.c:2506)
==18859==    by 0x91589D: do_cli (php_cli.c:994)
==18859==    by 0x916EC4: main (php_cli.c:1378)
==18859==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
==18859== 
==18859== 
==18859== Process terminating with default action of signal 11 (SIGSEGV)
==18859==  Access not within mapped region at address 0x8
==18859==    at 0xB57778E: zim_SolrDisMaxQuery_addQueryField (php_solr_dismax_query.c:152)
==18859==    by 0x89B3E3: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:550)
==18859==    by 0x89BE78: ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (zend_vm_execute.h:685)
==18859==    by 0x89A715: execute_ex (zend_vm_execute.h:363)
==18859==    by 0x89A7FB: zend_execute (zend_vm_execute.h:388)
==18859==    by 0x855192: zend_execute_scripts (zend.c:1316)
==18859==    by 0x7976B5: php_execute_script (main.c:2506)
==18859==    by 0x91589D: do_cli (php_cli.c:994)
==18859==    by 0x916EC4: main (php_cli.c:1378)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-10-20 00:21 UTC] omars@php.net

-Assigned To: +Assigned To: omars

[2014-10-26 01:44 UTC] omars@php.net

Automatic comment on behalf of omars
Revision: http://git.php.net/?p=pecl/search_engine/solr.git;a=commit;h=d088c081e83b2a43d035278765df2b950eebd00e
Log: Fix Bug #68266 	SegFault in SolrDisMaxQuery::addQueryField

[2014-10-26 01:44 UTC] omars@php.net

-Status: Assigned +Status: Closed

[2014-11-09 22:18 UTC] omars@php.net

Automatic comment on behalf of omars
Revision: http://git.php.net/?p=pecl/search_engine/solr.git;a=commit;h=d088c081e83b2a43d035278765df2b950eebd00e
Log: Fix Bug #68266 	SegFault in SolrDisMaxQuery::addQueryField

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Dec 13 04:00:01 2025 UTC