Bug #7651 Uninitialised charset during sybase_connect
Submitted: 2000-11-05 19:47 UTC
Modified: 2000-11-05 20:08 UTC
From: james dot cameron at compaq dot com
Assigned:
Status: Closed
Package: Sybase (dblib) related
PHP Version: 4.0.3pl1
OS: Linux
Private report: No
CVE-ID: None
 [2000-11-05 19:47 UTC] james dot cameron at compaq dot com
Problem: segmentation fault. php_sybase_do_connect() is sending an uninitialised charset pointer to DBSETLCHARSET.
Patch included in this bug report.

(gdb) bt
#0  0x400f40f6 in strncpy () from /lib/libc.so.6
#1  0x40027771 in tds_set_charset (tds_login=0x81496b8, 
    charset=0x1 <Address 0x1 out of bounds>) at login.c:85
#2  0x4002056b in DBSETLCHARSET (login=0x8185788, 
    charset=0x1 <Address 0x1 out of bounds>) at dblib.c:399
#3  0x809f6f3 in php_sybase_do_connect (ht=3, return_value=0x81a5a5c, 
    this_ptr=0x0, return_value_used=1, persistent=0) at php_sybase_db.c:354
#4  0x809fb78 in php_if_sybase_connect (ht=3, return_value=0x81a5a5c, 
    this_ptr=0x0, return_value_used=1) at php_sybase_db.c:512
#5  0x80da52f in execute (op_array=0x8176cd8) at ./zend_execute.c:1519
#6  0x80da72d in execute (op_array=0x817e208) at ./zend_execute.c:1559
#7  0x80da72d in execute (op_array=0x817e5e8) at ./zend_execute.c:1559
#8  0x80da72d in execute (op_array=0x8148224) at ./zend_execute.c:1559
#9  0x80b5b6b in zend_execute_scripts (type=8, file_count=3) at zend.c:717
#10 0x805c20c in php_execute_script (primary_file=0xbffffc88) at main.c:1200
#11 0x805a9ac in main (argc=2, argv=0xbffffd04) at cgi_main.c:715

*** ext/sybase/php_sybase_db.c.orig     Mon Sep  4 04:43:09 2000
--- ext/sybase/php_sybase_db.c  Mon Nov  6 11:38:30 2000
***************
*** 261,267 ****
  
        switch(ZEND_NUM_ARGS()) {
                case 0: /* defaults */
!                       host=user=passwd=NULL;
                        hashed_details_length=6+3;
                        hashed_details = (char *) emalloc(hashed_details_length+1);
                        strcpy(hashed_details,"sybase___");
--- 261,267 ----
  
        switch(ZEND_NUM_ARGS()) {
                case 0: /* defaults */
!                       host=user=passwd=charset=NULL;
                        hashed_details_length=6+3;
                        hashed_details = (char *) emalloc(hashed_details_length+1);
                        strcpy(hashed_details,"sybase___");
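Review bot: in the case 0 branch, host=user=passwd=charset=NULL; keeps the per-case reset pattern that allowed charset to be missed in the first place. Clear all four pointers once before switch(ZEND_NUM_ARGS()), or at their declaration, so each case assigns only what it was given and a future optional argument cannot be forgotten in one branch.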
***************
*** 274,280 ****
                                }
                                convert_to_string(yyhost);
                                host = yyhost->value.str.val;
!                               user=passwd=NULL;
                                hashed_details_length = yyhost->value.str.len+6+3;
                                hashed_details = (char *) emalloc(hashed_details_length+1);
                                sprintf(hashed_details,"sybase_%s__",yyhost->value.str.val);
--- 274,280 ----
                                }
                                convert_to_string(yyhost);
                                host = yyhost->value.str.val;
!                               user=passwd=charset=NULL;
                                hashed_details_length = yyhost->value.str.len+6+3;
                                hashed_details = (char *) emalloc(hashed_details_length+1);
                                sprintf(hashed_details,"sybase_%s__",yyhost->value.str.val);
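Review bot: the unchanged sprintf(hashed_details,"sybase_%s__",...) just below the fixed line writes into a buffer sized by the hand-counted +6+3. The arithmetic is right for this format string (7 fixed characters before the host, 2 after), but nothing ties the count to the format. Since this function is being touched for a memory-safety crash, a bounded write that uses hashed_details_length+1 as its limit would be worth a follow-up.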
***************
*** 290,296 ****
                                convert_to_string(yyuser);
                                host = yyhost->value.str.val;
                                user = yyuser->value.str.val;
!                               passwd=NULL;
                                hashed_details_length = yyhost->value.str.len+yyuser->value.str.len+6+3;
                                hashed_details = (char *) emalloc(hashed_details_length+1);
                                sprintf(hashed_details,"sybase_%s_%s_",yyhost->value.str.val,yyuser->value.str.val);
--- 290,296 ----
                                convert_to_string(yyuser);
                                host = yyhost->value.str.val;
                                user = yyuser->value.str.val;
!                               passwd=charset=NULL;
                                hashed_details_length = yyhost->value.str.len+yyuser->value.str.len+6+3;
                                hashed_details = (char *) emalloc(hashed_details_length+1);
                                sprintf(hashed_details,"sybase_%s_%s_",yyhost->value.str.val,yyuser->value.str.val);
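Review bot: passwd=charset=NULL; in the two-argument branch carries no comment explaining why charset has to be cleared, and none of the branches in this patch ever assigns charset from an argument. A one-line comment saying that charset is later passed to DBSETLCHARSET (frames #2 and #3 of the backtrace) would keep the reset from being dropped as dead code in a later cleanup.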
***************
*** 308,313 ****
--- 308,314 ----
                                host = yyhost->value.str.val;
                                user = yyuser->value.str.val;
                                passwd = yypasswd->value.str.val;
+                               charset=NULL;
                                hashed_details_length = yyhost->value.str.len+yyuser->value.str.len+yypasswd->value.str.len+6+3;
                                hashed_details = (char *) emalloc(hashed_details_length+1);
                                sprintf(hashed_details,"sybase_%s_%s_%s",yyhost->value.str.val,yyuser->value.str.val,yypasswd->va
lue.str.val); /* SAFE */
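Review bot: the call site at php_sybase_db.c:354 (frame #3 of the backtrace) is not covered by this patch, so the charset=NULL; added to the three-argument branch only helps if DBSETLCHARSET is skipped when charset is NULL. Please confirm that guard exists; if the call is unconditional, tds_set_charset will hand strncpy a NULL source instead of 0x1 and the crash remains for ht=3.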



 [2000-11-05 20:01 UTC] james dot cameron at compaq dot com
Ooops. I see my patch has been wrapped and the tabs have been stuffed up ... so here is a uuencoded non-context diff relative to 4.0.3pl1.


 [2000-11-05 20:08 UTC] rasmus@php.net
Fixed
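
The bug class in this report (a switch on argument count that leaves one optional pointer unset) can be closed off by clearing every optional pointer once and guarding the copy at the sink. The following is an added C example, not code from PHP, dblib or the reporter; struct login_rec, struct conn_args, parse_connect_args and set_login_charset are hypothetical names, and the argument values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins; not the types used by php_sybase_db.c or dblib. */
struct login_rec { char charset[16]; };
struct conn_args { const char *host, *user, *passwd, *charset; };

/* Clear every optional pointer once, then fill in only what was supplied.
   No branch can leave a field holding stack garbage, which is what the
   3-argument path did to charset in the report above. */
int parse_connect_args(int argc, const char *const *argv, struct conn_args *out)
{
    out->host = out->user = out->passwd = out->charset = NULL;
    if (argc < 0 || argc > 4)
        return -1;
    switch (argc) {
    case 4: out->charset = argv[3]; /* fall through */
    case 3: out->passwd  = argv[2]; /* fall through */
    case 2: out->user    = argv[1]; /* fall through */
    case 1: out->host    = argv[0]; /* fall through */
    default: break;
    }
    return 0;
}

/* Sink-side guard: copy only when a charset was given, bounded to the
   destination. Returns 1 if the login record was changed, 0 if skipped. */
int set_login_charset(struct login_rec *login, const char *charset)
{
    if (charset == NULL || charset[0] == '\0')
        return 0;
    strncpy(login->charset, charset, sizeof login->charset - 1);
    login->charset[sizeof login->charset - 1] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed sample arguments: host, user, password, no charset. */
    const char *args[] = { "SYBASE", "sa", "example-password" };
    struct login_rec login = { "iso_1" };   /* constructed default */
    struct conn_args a;

    parse_connect_args(3, args, &a);
    printf("charset applied: %d, login charset: %s\n",
           set_login_charset(&login, a.charset), login.charset);
    return 0;
}
```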