php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76586 DB2 Binding Parameter Memory Bug
Submitted: 2018-07-06 10:49 UTC Modified: 2018-07-06 11:58 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: dan dot ridgway at proximity dot co dot uk Assigned: vnkbabu (profile)
Status: Assigned Package: ibm_db2 (PECL)
PHP Version: 7.1.19 OS: IBMi V7R3
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2018-07-06 10:49 UTC] dan dot ridgway at proximity dot co dot uk
Description:
------------
If you try to bind a parameter of blank or empty in a UPPER(?) query it will try to allocate 1073741824 bytes no matter what field or file you are running the query on.

Exmaple of query that is broken...
SELECT ADDID, ADDNAME from ADDRESS where UPPER(ADDNAME) LIKE UPPER(?)

? is a empty string with no spaces.

The above logs the following error on the function db2_execute($stmt)...
PHP Fatal error: Allowed memory size of 786432000 bytes exhausted (tried to allocate 1073741824 bytes)


Example of query that works...
SELECT ADDID, ADDNAME from ADDRESS where UPPER(ADDNAME) LIKE UPPER('')
Instead of binding the parameter using db2_bind_param you can include the value in the statement and it works fine.

This bug only seems to happen on binding a parameter using db2_bind_param with an empty value that's then used in a UPPER function in the query.




Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-07-06 11:00 UTC] dan dot ridgway at proximity dot co dot uk
-Operating System: V7R3 +Operating System: IBMi V7R3
 [2018-07-06 11:00 UTC] dan dot ridgway at proximity dot co dot uk
Updated OS
 [2018-07-06 11:58 UTC] cmb@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: vnkbabu
 [2018-07-06 11:58 UTC] cmb@php.net
Assigned to maintainer.
 [2018-07-18 12:34 UTC] shlomo dot v at zend dot com
This issue confirmed with latest db2 version 2.0.x 
Appears the LIKE is not working while NOT LIKE is ok.
 [2018-07-18 12:37 UTC] shlomo dot v at zend dot com
This issue confirmed with latest db2 version 2.0.x 
Appears the LIKE is not working while NOT LIKE is ok.
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Tue Dec 11 23:01:25 2018 UTC