From:             slangley at google dot com
Operating system: N/A
PHP version:      5.4.9
Package:          MySQL related
Bug Type:         Bug
Bug description: Buffer overrun in mysqlnd_reverse_api_register_api

Description:
------------
Address sanitizer detected a buffer overrun.

ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff149259af at pc 0x7f3cfb7b1840 bp 0x7fff149258d0 sp 0x7fff149258c8
READ of size 1 at 0x7fff149259af thread T0
    #0 0x7f3cfb7b183f php/v5_4_8/Zend/zend_hash.c:261 _zend_hash_add_or_update
    #1 0x7f3cfba67ea1 php/v5_4_8/ext/mysqlnd/mysqlnd_reverse_api.c:63 mysqlnd_reverse_api_register_api
    #2 0x7f3cfbb64bd3 php/v5_4_8/ext/pdo_mysql/pdo_mysql.c:123 zm_startup_pdo_mysql
    #3 0x7f3cfb55af8d php/v5_4_8/Zend/zend_API.c:1661 zend_startup_module_ex
    #4 0x7f3cfb7b5041 php/v5_4_8/Zend/zend_hash.c:716 zend_hash_apply
    #5 0x7f3cfb55ba8e php/v5_4_8/Zend/zend_API.c:1788 zend_startup_modules
    #6 0x7f3cfbf3b447 php/v5_4_8/main/main.c:2205 php_module_startup

Here's the patch to fix it

--- v5_4_8/ext/mysqlnd/mysqlnd_reverse_api.c.orig       2012-12-05 
11:50:33.000000000 -0800
+++ v5_4_8/ext/mysqlnd/mysqlnd_reverse_api.c    2012-12-05 11:50:52.000000000

-0800
@@ -61,7 +61,7 @@
 mysqlnd_reverse_api_register_api(MYSQLND_REVERSE_API * apiext TSRMLS_DC)
 {
        zend_hash_add(&mysqlnd_api_ext_ht, apiext->module->name, strlen(apiext-
>module->name) + 1, &apiext,
-                                 sizeof(MYSQLND_REVERSE_API), NULL);
+                                 sizeof(void*), NULL);
 }
 /* }}} */
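Review bot: the size argument is the right thing to fix here, since the data passed is `&apiext`, the address of a pointer-sized local, so `sizeof(MYSQLND_REVERSE_API)` made `_zend_hash_add_or_update` memcpy well past that stack slot (the READ ASan reports at zend_hash.c:261); but tie the size to the variable actually copied rather than to a bare type: `sizeof(apiext)` instead of `sizeof(void*)` cannot drift if the parameter type ever changes. Two things to confirm outside this hunk: the table now holds a `MYSQLND_REVERSE_API *` rather than a copy of the struct, so any lookup of `mysqlnd_api_ext_ht` must read back a pointer and dereference it, and the struct each extension registers must outlive its entry (for a module-static `apiext` that holds, but the registration code should say so).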
 



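The bug shape above, copying `sizeof(struct)` bytes out of a pointer-sized stack slot into a table that takes `(data, size)`, is easy to reproduce in miniature. The following is an added illustration, not PHP's code: `reverse_api_t`, `table_add`, `register_api` and `lookup_api` are invented stand-ins for MYSQLND_REVERSE_API, `zend_hash_add`, and the registration and lookup sides of `mysqlnd_api_ext_ht`. `register_api` is the corrected call (pointer-sized copy of `&api`), `lookup_api` shows the matching read-back, and `overread_bytes_of_bad_call` computes, without performing it, how far past the slot the original `sizeof(MYSQLND_REVERSE_API)` copy would read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for MYSQLND_REVERSE_API (invented layout); deliberately wider than a pointer. */
typedef struct {
    const char *module_name;
    void *(*fetch_connection)(void *object);
    uint64_t reserved[4];
} reverse_api_t;

/* One bucket of a tiny string-keyed table. Like zend_hash_add(), it keeps a
 * private copy of `size` bytes read from the caller's `data`. */
typedef struct entry {
    char *key;
    void *data;
    size_t size;
    struct entry *next;
} entry_t;

typedef struct { entry_t *head; } table_t;

static char *dup_cstr(const char *s) {
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    if (d) memcpy(d, s, n);
    return d;
}

/* Adds a copy of data[0..size) under key. Returns 0, or -1 on duplicate key / OOM. */
static int table_add(table_t *t, const char *key, const void *data, size_t size) {
    for (entry_t *e = t->head; e; e = e->next)
        if (strcmp(e->key, key) == 0) return -1;
    entry_t *e = malloc(sizeof *e);
    if (!e) return -1;
    e->key = dup_cstr(key);
    e->data = malloc(size);
    if (!e->key || !e->data) { free(e->key); free(e->data); free(e); return -1; }
    memcpy(e->data, data, size);   /* the copy that overran the stack in the report */
    e->size = size;
    e->next = t->head;
    t->head = e;
    return 0;
}

static const void *table_find(const table_t *t, const char *key, size_t *size) {
    for (entry_t *e = t->head; e; e = e->next)
        if (strcmp(e->key, key) == 0) { *size = e->size; return e->data; }
    return NULL;
}

static void table_free(table_t *t) {
    entry_t *e = t->head;
    while (e) { entry_t *n = e->next; free(e->key); free(e->data); free(e); e = n; }
    t->head = NULL;
}

/* Corrected registration: the table stores the pointer `api`, so the copy is
 * sizeof api (pointer-sized) bytes taken from &api, which is what the patch's
 * sizeof(void*) expresses. The registered struct must outlive the entry. */
static int register_api(table_t *t, reverse_api_t *api) {
    return table_add(t, api->module_name, &api, sizeof api);
}

/* The stored bytes are a reverse_api_t *, so read one pointer back out and
 * refuse any entry whose recorded size does not match. */
static reverse_api_t *lookup_api(const table_t *t, const char *module_name) {
    size_t size = 0;
    const void *stored = table_find(t, module_name, &size);
    if (!stored || size != sizeof(reverse_api_t *)) return NULL;
    reverse_api_t *api;
    memcpy(&api, stored, sizeof api);
    return api;
}

/* Shape of the reported bug: &api is a pointer-sized stack slot, but the
 * original call asked for sizeof(MYSQLND_REVERSE_API) bytes from it. Returns
 * how far past the slot that memcpy would read; it never performs the read. */
static size_t overread_bytes_of_bad_call(void) {
    return sizeof(reverse_api_t) - sizeof(reverse_api_t *);
}

/* Constructed sample: register one API and check the round trip. Returns 1 on success. */
static reverse_api_t sample_api = { "pdo_mysql", NULL, { 0, 0, 0, 0 } };

static int demo_round_trip(void) {
    table_t t = { NULL };
    int ok = register_api(&t, &sample_api) == 0
          && lookup_api(&t, "pdo_mysql") == &sample_api
          && lookup_api(&t, "mysqli") == NULL
          && register_api(&t, &sample_api) == -1;   /* duplicate key rejected */
    table_free(&t);
    return ok;
}

int main(void) {
    return demo_round_trip() ? 0 : 1;
}
```

Build it with `-fsanitize=address` and swap `sizeof api` for `sizeof(reverse_api_t)` in `register_api` to get the same stack-buffer-overflow READ the report shows; with the pointer-sized copy ASan stays quiet.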
-- 
Edit bug report at https://bugs.php.net/bug.php?id=63700&edit=1