PHP :: Bug #53323 :: pdo_firebird getAttribute() crash
| Bug #53323 | pdo_firebird getAttribute() crash | | |
|---|---|---|---|
| Submitted: | 2010-11-16 17:44 UTC | Modified: | 2010-11-16 22:04 UTC |
| From: | preeves at ibphoenix dot com | Assigned: | felipe |
| Status: | Closed | Package: | PDO related |
| PHP Version: | 5.3.3 | OS: | |
| Private report: | No | CVE-ID: | None |
[2010-11-16 17:44 UTC] preeves at ibphoenix dot com
Description:
------------
There is a bug and a few omissions in firebird_handle_get_attribute.

Most significantly it declares tmp[200] which is used to store the server version. Unfortunately, a typical server version string is now over 300 bytes long. So this call just blows the driver out of the water, leaves this error in the apache log:

*** stack smashing detected ***: /usr/sbin/httpd2-prefork terminated
[Tue Nov 16 13:42:53 2010] [notice] child pid 11656 exit signal Segmentation fault (11)

and the user is left staring at a server timeout error in the browser. This is easily fixed by declaring tmp[] to be larger.

Less seriously, these attributes are not handled: PDO_ATTR_PREFETCH, PDO_ATTR_TIMEOUT, PDO_ATTR_FETCH_TABLE_NAMES so if they are called outside a try..catch then the call will fail badly. It is not obvious that a try..catch should be required so it is probably better to just handle these cases in the driver.

I've attached a patch which fixes all of these issues.
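The failure mode described in the report, as an added example that is not part of the original report or of the PHP source: version text is accumulated into a fixed buffer by an append routine that carries the buffer's capacity and flags truncation instead of writing past the end. The names `verbuf`, `verbuf_append` and `store_version`, the 320-byte sample string, the 40-byte pieces and the 512-byte buffer are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded accumulator: the buffer travels with its capacity. */
struct verbuf {
    char  *data;
    size_t cap;        /* total bytes, including the terminating NUL */
    size_t len;        /* bytes used, excluding the NUL */
    int    truncated;  /* set once any input did not fit */
};

/* Append s without ever writing past cap; returns -1 once data was cut. */
static int verbuf_append(struct verbuf *b, const char *s)
{
    size_t room, n = strlen(s);
    if (b->cap == 0) { b->truncated = 1; return -1; }
    room = b->cap - 1 - b->len;
    if (n > room) { n = room; b->truncated = 1; }
    memcpy(b->data + b->len, s, n);
    b->len += n;
    b->data[b->len] = '\0';
    return b->truncated ? -1 : 0;
}

/* Constructed input: feed `total` bytes in 40-byte pieces into out[cap]. */
static size_t store_version(char *out, size_t cap, size_t total, int *truncated)
{
    struct verbuf b = { out, cap, 0, 0 };
    char piece[41];
    if (cap) out[0] = '\0';
    while (total > 0) {
        size_t n = total < 40 ? total : 40;
        memset(piece, 'V', n); piece[n] = '\0';
        verbuf_append(&b, piece);
        total -= n;
    }
    *truncated = b.truncated;
    return b.len;
}

int main(void)
{
    char small[200], large[512];  /* 200 as in the report; 512 is assumed */
    int t;
    size_t n = store_version(small, sizeof small, 320, &t);
    printf("tmp[200]: stored %zu bytes, truncated=%d\n", n, t);
    n = store_version(large, sizeof large, 320, &t);
    printf("tmp[512]: stored %zu bytes, truncated=%d\n", n, t);
    return 0;
}
```

Enlarging the buffer only moves the limit; passing the capacity to the routine that fills it keeps an even longer version string from overrunning the stack.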
Patches
php-5.3.3-pdo_firebird_driver_attributes.patch (last revision 2010-11-16 16:45 UTC by preeves at ibphoenix dot com)
Pull Requests
History
[2010-11-16 22:04 UTC] felipe@php.net
-Summary: Some calls to pdo_firebird getAttribute crash
+Summary: pdo_firebird getAttribute() crash
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: felipe
[2010-11-16 22:04 UTC] felipe@php.net