ibase_trans() gives segfault when passing params

Bug #60802

Submitted:

2012-01-19 09:48 UTC

Modified:

2012-01-20 20:36 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (100.0%)

From:

lars dot westermann at privat dot dk

Assigned:

mariuz (profile)

Status:

Closed

Package:

InterBase related

PHP Version:

5.3.9

OS:

Linux

Private report:

CVE-ID:

None

[2012-01-19 09:48 UTC] lars dot westermann at privat dot dk

Description:
------------
The ibase_trans() function segfaults when you pass connection-id and/or mode to the function.

After comparing both 5.2.x version of interbase.c and 5.3.x version, I found the solution:

# diff interbase.c interbase-fix.c
1128c1128,1129
<       unsigned short i, argn, link_cnt = 0, tpb_len = 0;
---
>       unsigned short i, link_cnt = 0, tpb_len = 0;
>       int argn;

The &argn passed to zend_parse_parameters shall be a pointer to an integer, not to an unsigned short.

Test script:
---------------
$DB = ibase_pconnect($DB_name, $DB_user, $DB_pw );
$TR = ibase_trans($DB);

is enough to trigger the error.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-01-19 18:59 UTC] mariuz@php.net

-Assigned To: +Assigned To: mariuz

[2012-01-19 22:31 UTC] mariuz@php.net

I saw that difference from 5.4 and now i know what was :)
I will merge back patch and 5.3 will look the same like in 5.2 , and 5.4

[2012-01-20 20:36 UTC] mariuz@php.net

-Status: Assigned +Status: Closed