php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74856 signal 11 in db2_pconnect
Submitted: 2017-07-04 21:44 UTC Modified: 2017-07-14 08:49 UTC
From: tessarek at evermeet dot cx Assigned:
Status: Open Package: ibm_db2 (PECL)
PHP Version: 7.1.6 OS: Linux
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-07-04 21:44 UTC] tessarek at evermeet dot cx
Description:
------------
Calling db2_pconnect a few times results in a signal 11 (SIGSEGV).

The backtrace reveals that the segfault occurs on this line:

2486:  rc = SQLGetConnectAttr(conn_res->hdbc, SQL_ATTR_PING_DB, (SQLPOINTER)&conn_alive, 0, NULL);

Here's the entire backtrace:

#0  0x000000000072beb8 in _php_db2_connect_helper (execute_data=0x7f1eeca14150, return_value=0x7f1eeca14110, pconn_res=0x7fff4003b570, isPersistent=1)
    at /ext/php-7.1.6-debug/ext/ibm_db2/ibm_db2.c:2486
#1  0x000000000072c684 in _php_db2_pconnect (execute_data=0x7f1eeca14150, return_value=0x7f1eeca14110, isPersistent=1) at /ext/php-7.1.6-debug/ext/ibm_db2/ibm_db2.c:2903
#2  0x000000000072c7df in zif_db2_pconnect (execute_data=0x7f1eeca14150, return_value=0x7f1eeca14110) at /ext/php-7.1.6-debug/ext/ibm_db2/ibm_db2.c:2977
#3  0x0000000000b43f49 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER () at /ext/php-7.1.6-debug/Zend/zend_vm_execute.h:675
#4  0x0000000000b4366c in execute_ex (ex=0x7f1eeca14030) at /ext/php-7.1.6-debug/Zend/zend_vm_execute.h:429
#5  0x0000000000b4377e in zend_execute (op_array=0x7f1eeca6b000, return_value=0x0) at /ext/php-7.1.6-debug/Zend/zend_vm_execute.h:474
#6  0x0000000000ae4dfb in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /ext/php-7.1.6-debug/Zend/zend.c:1476
#7  0x0000000000a54a02 in php_execute_script (primary_file=0x7fff4003dbb0) at /ext/php-7.1.6-debug/main/main.c:2537
#8  0x0000000000bd3663 in main (argc=4, argv=0x7fff4003ddd8) at /ext/php-7.1.6-debug/sapi/fpm/fpm/fpm_main.c:1966



Patches

Patch_new (last revision 2017-08-17 07:14 UTC) by vnkbabu@php.net)
fix_pconnect (last revision 2017-08-16 11:06 UTC) by vnkbabu@php.net)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-07-13 11:21 UTC] vnkbabu@php.net
-Status: Open +Status: Assigned
 [2017-07-13 11:21 UTC] vnkbabu@php.net
Our developer Abhinav Radke is aware of this issue. He is working on the fix. Will update soon with the fix.
 [2017-07-13 15:26 UTC] tessarek at evermeet dot cx
Thanks for the info.

I also have a security issue to report, but the email opendev@us.ibm.com does not work.
Please send me an email and I will fill you in.
 [2017-07-14 08:49 UTC] vnkbabu@php.net
Hi Helmut,
        I have received your concern regarding the possible security issue in db2_pconnect, i agree with you and asked abhinav to use only database and user id. Also i informed my developer abhinav radke to contact you regarding this defect. He will be contacting you through the e-mail, please help him with more information about the issue.
 [2017-08-16 11:06 UTC] vnkbabu@php.net
The following patch has been added/updated:

Patch Name: fix_pconnect
Revision:   1502881614
URL:        https://bugs.php.net/patch-display.php?bug=74856&patch=fix_pconnect&revision=1502881614
 [2017-08-17 07:15 UTC] vnkbabu@php.net
The following patch has been added/updated:

Patch Name: Patch_new
Revision:   1502954099
URL:        https://bugs.php.net/patch-display.php?bug=74856&patch=Patch_new&revision=1502954099
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC