#33167 [NEW]: pg_fetch_array can cause a segfault

jsnell at networkninja dot com Fri, 27 May 2005 22:00:23 -0700

From:             jsnell at networkninja dot com
Operating system: Debian (dotdeb), gentoo
PHP version:      5.0.4
PHP Bug Type:     PostgreSQL related
Bug description:  pg_fetch_array can cause a segfault


Description:
------------
Calling pg_fetch_array() with the results of a division followed by
calling it with a constant causes a segfault.  I have confirmed it in both
cgi and mod php 5.0.4 and also in cgi php 5.0.3.

Reproduce code:
---------------
// need a valid database to connect to
// contents don't matter
$query = 'select 1 as one';

$db_user = "your_user";
$db_password =  "your_pass";
$db_name = "your_db";
$db_port = 5432;

$connect_string =  "user=$db_user " .
"password=$db_password " .
"port=$db_port ".
"dbname=$db_name";
$db_link = pg_connect($connect_string);

$result = pg_exec($db_link, $query);

$i = floor(4/5);
$data =  pg_fetch_array($result, $i);

$i = 0;
$data = pg_fetch_array($result, $i);

echo("No segfault");


Expected result:
----------------
No segfault

Actual result:
--------------
gdb backtrace:

#0  0x0820cf3b in _zend_hash_index_update_or_next_insert ()
#1  0x08209c53 in add_index_stringl ()
#2  0x406bee43 in zif_pg_fetch_result () from
/usr/lib/php5/20041030/pgsql.so
#3  0x406bf10f in zif_pg_fetch_array () from
/usr/lib/php5/20041030/pgsql.so
#4  0x0823c4da in zend_do_fcall_common_helper ()
#5  0x0823cb11 in zend_do_fcall_handler ()
#6  0x08224cb5 in execute ()
#7  0x08207e28 in zend_execute_scripts ()
#8  0x081d8bca in php_execute_script ()
#9  0x0824c3f4 in main ()


-- 
Edit bug report at http://bugs.php.net/?id=33167&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=33167&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=33167&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=33167&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=33167&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=33167&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=33167&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=33167&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=33167&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=33167&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=33167&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=33167&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=33167&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=33167&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=33167&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=33167&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=33167&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=33167&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=33167&r=float
No Zend Extensions:          http://bugs.php.net/fix.php?id=33167&r=nozend
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=33167&r=mysqlcfg

#33167 [NEW]: pg_fetch_array can cause a segfault

Reply via email to