Bug #75671 pg_version() crashes when called on a connection to cockroach
Submitted: 2017-12-12 09:53 UTC
Modified: -
From: magicaltux at gmail dot com
Assigned:
Status: Closed
Package: PostgreSQL related
PHP Version: 7.2.0
OS: Linux Ubuntu 16 LTS
Private report: No
CVE-ID: None
 [2017-12-12 09:53 UTC] magicaltux at gmail dot com
Description:
------------
Cockroach server offers a pgsql compatible wire protocol, and supports a large subset of pgsql:

https://www.cockroachlabs.com/docs/stable/sql-feature-support.html

Calling pg_version() on a cockroach pgsql connection will however result in a segfault. Even if the server doesn't support part of the protocol, php shouldn't segfault because of that.

Test script:
---------------
$pg = pg_connect("...");
var_dump(pg_version($pg));


Expected result:
----------------
(pg_version() output)

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106	../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) bt
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x00000000008f69c2 in add_assoc_string_ex (arg=arg@entry=0x7fffed21d0a0, key=key@entry=0x107dbef "server_encoding", key_len=key_len@entry=15, str=0x0)
    at /usr/src/php-web-7.2.0/Zend/zend_API.c:1414
#2  0x00000000006fa2a8 in php_pgsql_get_link_info (return_value=0x7fffed21d0a0, entry_type=<optimized out>, execute_data=<optimized out>) at /usr/src/php-web-7.2.0/ext/pgsql/pgsql.c:1649
#3  0x000000000099f426 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER () at /usr/src/php-web-7.2.0/Zend/zend_vm_execute.h:617
#4  execute_ex (ex=0x0) at /usr/src/php-web-7.2.0/Zend/zend_vm_execute.h:59737
#5  0x00000000009a4f1e in zend_execute (op_array=0x7fffed27c2a0, op_array@entry=0x7fffdfedb320, return_value=0x0, return_value@entry=0x7fffed21d030)
    at /usr/src/php-web-7.2.0/Zend/zend_vm_execute.h:63763
#6  0x00000000008f3a13 in zend_execute_scripts (type=type@entry=8, retval=0x7fffed21d030, retval@entry=0x0, file_count=file_count@entry=3) at /usr/src/php-web-7.2.0/Zend/zend.c:1496
#7  0x000000000088f040 in php_execute_script (primary_file=primary_file@entry=0x7fffffffd240) at /usr/src/php-web-7.2.0/main/main.c:2592
#8  0x00000000009a72e9 in do_cli (argc=2, argv=0x14c9060) at /usr/src/php-web-7.2.0/sapi/cli/php_cli.c:1011
#9  0x000000000044ea5c in main (argc=2, argv=0x14c9060) at /usr/src/php-web-7.2.0/sapi/cli/php_cli.c:1404


Patches

pgsql-pg_version-segfault.patch (last revision 2017-12-12 10:07 UTC by magicaltux at gmail dot com)

 [2017-12-12 10:00 UTC] magicaltux at gmail dot com
In ext/pgsql/pgsql.c php_pgsql_get_link_info() I have prefixed each add_assoc_string() with an if(tmp) to confirm what data is actually available (calling add_assoc_null() if tmp is NULL). Result was:

array(13) {
  ["client"]=>
  string(6) "9.5.10"
  ["protocol"]=>
  int(3)
  ["server"]=>
  string(5) "9.5.0"
  ["server_encoding"]=>
  NULL
  ["client_encoding"]=>
  string(4) "UTF8"
  ["is_superuser"]=>
  NULL
  ["session_authorization"]=>
  NULL
  ["DateStyle"]=>
  string(3) "ISO"
  ["IntervalStyle"]=>
  NULL
  ["TimeZone"]=>
  NULL
  ["integer_datetimes"]=>
  string(2) "on"
  ["standard_conforming_strings"]=>
  string(2) "on"
  ["application_name"]=>
  NULL
}
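
The NULL guard described in the comment above, as an added example that is not part of the original report or the php-src fix. It assumes the values come from a lookup that, like libpq's PQparameterStatus(), returns NULL for a parameter the server never reported; `param_status()`, `collect_link_info()` and `struct info_entry` are hypothetical names, and the sample parameters are constructed from the var_dump output.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the parameters the server did report (non-NULL entries of the var_dump). */
static const char *const reported[][2] = {
    {"client_encoding", "UTF8"}, {"DateStyle", "ISO"},
    {"integer_datetimes", "on"}, {"standard_conforming_strings", "on"},
};
/* Names looked up, in the order they appear in the var_dump. */
static const char *const wanted[] = {
    "server_encoding", "client_encoding", "is_superuser", "session_authorization",
    "DateStyle", "IntervalStyle", "TimeZone", "integer_datetimes",
    "standard_conforming_strings", "application_name",
};
#define N_WANTED (sizeof wanted / sizeof wanted[0])
struct info_entry { const char *key; const char *value; size_t len; };

/* Hypothetical stand-in for libpq's PQparameterStatus(): NULL means the
 * server never reported this parameter. */
static const char *param_status(const char *name) {
    for (size_t i = 0; i < sizeof reported / sizeof reported[0]; i++)
        if (strcmp(reported[i][0], name) == 0)
            return reported[i][1];
    return NULL;
}

/* Fill out[] with one entry per wanted name; returns the number written. */
size_t collect_link_info(struct info_entry *out, size_t cap, size_t *missing) {
    size_t n = 0;
    *missing = 0;
    for (; n < N_WANTED && n < cap; n++) {
        const char *tmp = param_status(wanted[n]);
        out[n].key = wanted[n];
        out[n].value = tmp;                 /* NULL is kept as "no value" */
        out[n].len = tmp ? strlen(tmp) : 0; /* unguarded strlen(NULL) is the crash in frame #0 */
        *missing += (tmp == NULL);
    }
    return n;
}

int main(void) {
    struct info_entry info[N_WANTED];
    size_t missing, n = collect_link_info(info, N_WANTED, &missing);
    for (size_t i = 0; i < n; i++)
        printf("%-28s %s\n", info[i].key, info[i].value ? info[i].value : "NULL");
    printf("%zu of %zu parameters not reported\n", missing, n);
    return 0;
}
```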
 [2017-12-15 14:35 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=acf1472ffde08a514fa44ef4b5baa0c67ae1b3f2
Log: Fixed bug #75671 pg_version() crashes when called on a connection to cockroach
 [2017-12-15 14:35 UTC] ab@php.net
-Status: Open +Status: Closed
Last updated: Sat Nov 17 08:01:25 2018 UTC