Home Original page

[PATCH] ibase_service_attach() segfault on AMD64

Bug #34855 [PATCH] ibase_service_attach() segfault on AMD64
Submitted: 2005-10-13 13:25 UTC Modified: 2005-10-13 15:00 UTC
From: irie at gmx dot de Assigned:
Status: Closed Package: InterBase related
PHP Version: 5CVS-2005-10-13 (snap) OS: SuSE linux 10.0 (X86-64)
Private report: No CVE-ID: None

 [2005-10-13 13:25 UTC] irie at gmx dot de

Description:
------------
Calling ibase_service_attach() is segfaulting the apache-process on my AMD64 machine. The following patch resolves the issue.

--- ibase_service.c.orig        2005-10-13 09:56:15.000000000 +0200
+++ ibase_service.c     2005-10-13 13:17:46.000000000 +0200
@@ -210,7 +210,8 @@ PHP_FUNCTION(ibase_delete_user)
    Connect to the service manager */
 PHP_FUNCTION(ibase_service_attach)
 {
-       long hlen, ulen, plen, spb_len;
+       int hlen;
+       long ulen, plen, spb_len;
        ibase_service *svm;
        char buf[128], *host, *user, *pass, *loc;
        isc_svc_handle handle = NULL;


Actual result:
--------------
#0  0x00002aaaabcc5b90 in strcpy () from /lib64/tls/libc.so.6
#1  0x00002aaaae673702 in KEYWORD_getTokens () from /opt/firebird/lib/libfbclient.so.1
#2  0x00002aaaae65a2c8 in isc_service_attach () from /opt/firebird/lib/libfbclient.so.1
#3  0x00002aaaadd84c02 in zif_ibase_service_attach (ht=3, return_value=0xa55760, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /usr/local/src/php5-200510120830/ext/interbase/ibase_service.c:241
#4  0x00002aaaadfc7278 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fffffed91a0) at zend_vm_execute.h:187
#5  0x00002aaaadfcd658 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fffffed91a0) at zend_vm_execute.h:1608
#6  0x00002aaaadfc6de0 in execute (op_array=0xa3be90) at zend_vm_execute.h:88
#7  0x00002aaaadf9251b in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php5-200510120830/Zend/zend.c:1087
#8  0x00002aaaadf3a772 in php_execute_script (primary_file=0x7fffffedb720) at /usr/local/src/php5-200510120830/main/main.c:1677
#9  0x00002aaaae022771 in php_handler (r=0x788670) at /usr/local/src/php5-200510120830/sapi/apache2handler/sapi_apache2.c:563
#10 0x0000000000427065 in ap_run_handler (r=0x788670) at config.c:152
#11 0x00000000004274c2 in ap_invoke_handler (r=0x788670) at config.c:364
#12 0x0000000000424660 in ap_process_request (r=0x788670) at http_request.c:249
#13 0x000000000041f8b8 in ap_process_http_connection (c=0x77e600) at http_core.c:251
#14 0x0000000000430e25 in ap_run_process_connection (c=0x77e600) at connection.c:43
#15 0x000000000042546c in child_main (child_num_arg=<value optimized out>) at prefork.c:610
#16 0x0000000000425654 in make_child (s=0x598730, slot=0) at prefork.c:650
#17 0x000000000042570d in startup_children (number_to_start=5) at prefork.c:722
#18 0x0000000000425ed5 in ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>) at prefork.c:941
#19 0x000000000042c0ce in main (argc=2, argv=0x7fffffedbcc8) at main.c:618

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2005-10-13 13:52 UTC] tony2001@php.net

Actually it should be
-       long hlen, ulen, plen, spb_len;
+       int hlen, ulen, plen, spb_len;

does it work for you too?

 [2005-10-13 14:51 UTC] irie at gmx dot de

yes, it does.

 [2005-10-13 15:00 UTC] tony2001@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.