Debian Bug report logs - #559273
tdsodbc: malloc 4 byte missing but 8 byte writing caused by PHP odbc_fetch_object()
Reported by: Daniel Ly <ghost@weblaw.ch>
Date: Thu, 3 Dec 2009 09:18:02 UTC
Severity: normal
Fixed in versions php5/5.2.11.dfsg.1-1, 5.3.3-7
Done: Ondřej Surý <ondrej@sury.org>
Bug is archived. No further changes may be made.
Report forwarded
to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#559273; Package tdsodbc.
(Thu, 03 Dec 2009 09:18:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Daniel Ly <ghost@weblaw.ch>:
New Bug report received and forwarded. Copy sent to Steve Langasek <vorlon@debian.org>.
(Thu, 03 Dec 2009 09:18:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: tdsodbc
Version: 0.82-4
Severity: normal
For details see
http://serverfault.com/questions/90100/64bit-unixodbc-and-freetds-a-bug-in-libtdsodbc-so
I also reported the bug to PHP and wrote an e-mail to three
maintainers at FreeTDS because I don't know who is responsible and is
able to fix the bug.
-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)
Shell: /bin/sh linked to /bin/bash
Versions of packages tdsodbc depends on:
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii freetds-common 0.82-4 configuration files for FreeTDS SQ
ii libc6 2.7-18 GNU C Library: Shared libraries
ii odbcinst1debian1 2.2.11-16 Support library and helper program
Versions of packages tdsodbc recommends:
ii unixodbc 2.2.11-16 ODBC tools libraries
tdsodbc suggests no packages.
-- debconf information:
freetds/addtoodbc: false
Information forwarded
to debian-bugs-dist@lists.debian.org:
Bug#559273; Package tdsodbc.
(Mon, 07 Dec 2009 05:18:12 GMT) (full text, mbox, link).
Acknowledgement sent
to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list.
(Mon, 07 Dec 2009 05:18:12 GMT) (full text, mbox, link).
Message #10 received at 559273@bugs.debian.org (full text, mbox, reply):
On Thu, Dec 03, 2009 at 10:05:36AM +0100, Daniel Ly wrote:
> Package: tdsodbc
> Version: 0.82-4
> Severity: normal
> For details see
> http://serverfault.com/questions/90100/64bit-unixodbc-and-freetds-a-bug-in-libtdsodbc-so
You should explain your bug in your email instead of linking to some website
for the explanation. Some of us are known to check our email offline from
time to time (like right now).
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org
Information forwarded
to debian-bugs-dist@lists.debian.org:
Bug#559273; Package tdsodbc.
(Tue, 08 Dec 2009 06:27:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list.
(Tue, 08 Dec 2009 06:27:03 GMT) (full text, mbox, link).
Message #15 received at 559273@bugs.debian.org (full text, mbox, reply):
reassign 559273 php5
thanks
On Thu, Dec 03, 2009 at 10:05:36AM +0100, Daniel Ly wrote:
> For details see
> http://serverfault.com/questions/90100/64bit-unixodbc-and-freetds-a-bug-in-libtdsodbc-so
> I also reported the bug to PHP and wrote an e-mail to three
> maintainers at FreeTDS because I don't know who is responsible and is
> able to fix the bug.
Quoting from that page:
$ USE_ZEND_ALLOC=0 valgrind --leak-check=full ./current.php
[...]
==3831== Invalid write of size 8
==3831== at 0xD64420C: (within /usr/lib/odbc/libtdsodbc.so)
==3831== by 0xB55E859: SQLColAttributes (in /usr/lib/libodbc.so.1.0.0)
==3831== by 0xB34AA37: odbc_bindcols (in /usr/lib/php5/20060613/odbc.so)
==3831== by 0xB350B86: zif_odbc_exec (in /usr/lib/php5/20060613/odbc.so)
==3831== by 0xBDEDC9C: (within /usr/lib/php5/20060613/suhosin.so)
==3831== by 0x6A5798: (within /usr/bin/php5)
==3831== by 0x691003: execute (in /usr/bin/php5)
==3831== by 0xBDEE125: (within /usr/lib/php5/20060613/suhosin.so)
==3831== by 0x66CDF7: zend_execute_scripts (in /usr/bin/php5)
==3831== by 0x627667: php_execute_script (in /usr/bin/php5)
==3831== by 0x6EBFF6: main (in /usr/bin/php5)
==3831== Address 0xd2b564c is 44 bytes inside a block of size 48 alloc'd
==3831== at 0x4C2260E: malloc (vg_replace_malloc.c:207)
==3831== by 0xB34A911: odbc_bindcols (in /usr/lib/php5/20060613/odbc.so)
==3831== by 0xB350B86: zif_odbc_exec (in /usr/lib/php5/20060613/odbc.so)
==3831== by 0xBDEDC9C: (within /usr/lib/php5/20060613/suhosin.so)
==3831== by 0x6A5798: (within /usr/bin/php5)
==3831== by 0x691003: execute (in /usr/bin/php5)
==3831== by 0xBDEE125: (within /usr/lib/php5/20060613/suhosin.so)
==3831== by 0x66CDF7: zend_execute_scripts (in /usr/bin/php5)
==3831== by 0x627667: php_execute_script (in /usr/bin/php5)
==3831== by 0x6EBFF6: main (in /usr/bin/php5)
Looking at a 64-bit build log for the php5 version in lenny[1], we see:
/build/buildd/php5-5.2.6.dfsg.1/ext/odbc/php_odbc.c: In function 'odbc_bindcols':
/build/buildd/php5-5.2.6.dfsg.1/ext/odbc/php_odbc.c:656: warning: passing argument 7 of 'SQLColAttributes' from incompatible pointer type
/build/buildd/php5-5.2.6.dfsg.1/ext/odbc/php_odbc.c:679: warning: passing argument 7 of 'SQLColAttributes' from incompatible pointer type
/build/buildd/php5-5.2.6.dfsg.1/ext/odbc/php_odbc.c:684: warning: passing argument 6 of 'SQLBindCol' from incompatible pointer type
Definitely a php5 bug, not a bug in freetds. And fixed in unstable -
odbc_result_value.coltype is now correctly declared 'SQLLEN', not 'SDWORD'.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org
[1] https://buildd.debian.org/fetch.cgi?pkg=php5;ver=5.2.6.dfsg.1-2;arch=alpha;stamp=1231884012
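Added example (not part of the original bug log, and not PHP or FreeTDS source): the width mismatch diagnosed above, modelled in C so the valgrind numbers (an 8-byte write at offset 44 of a 48-byte block) can be reproduced without corrupting memory. The struct layouts, the sdword_t/sqllen_t stand-ins and the function names are assumptions constructed to match those numbers on a 64-bit build.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef int32_t sdword_t; /* stand-in for ODBC SDWORD: always 32 bits */
typedef int64_t sqllen_t; /* stand-in for ODBC SQLLEN on a 64-bit build */

/* Constructed layouts (assumption, not PHP's source); uint64_t models a 64-bit pointer. */
struct col_old { char name[32]; uint64_t value; sdword_t vallen; sdword_t coltype; };
struct col_new { char name[32]; uint64_t value; sqllen_t vallen; sqllen_t coltype; };

/* Build-time guard: the out-parameter target must be as wide as the driver's write. */
_Static_assert(sizeof(((struct col_new *)0)->coltype) == sizeof(sqllen_t),
               "coltype must be SQLLEN-sized");

/* Bytes by which a write of `width` at `offset` runs past a block of `block` bytes. */
static size_t bytes_past_end(size_t block, size_t offset, size_t width)
{
    size_t end = offset + width;
    return end > block ? end - block : 0;
}

/* Simulated driver store of a SQLLEN-wide attribute. The bounds check exists only
 * in this demo; the real call gets a bare pointer and cannot know the target size. */
static int driver_store_attr(void *block, size_t size, size_t offset, sqllen_t v)
{
    if (bytes_past_end(size, offset, sizeof v) != 0)
        return -1; /* would write past the allocation: refuse */
    memcpy((char *)block + offset, &v, sizeof v);
    return 0;
}

static size_t overrun_old(void)
{
    return bytes_past_end(sizeof(struct col_old),
                          offsetof(struct col_old, coltype), sizeof(sqllen_t));
}

int main(void)
{
    struct col_old *o = calloc(1, sizeof *o);
    if (!o) return 1;
    printf("coltype at %zu in a %zu-byte block: overrun %zu, store=%d\n",
           offsetof(struct col_old, coltype), sizeof *o, overrun_old(),
           driver_store_attr(o, sizeof *o, offsetof(struct col_old, coltype), 12));
    free(o);
    return 0;
}
```

The "incompatible pointer type" warnings in the build log are the compile-time symptom of the same mismatch; building with -Werror=incompatible-pointer-types turns them into build failures.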
Bug reassigned from package 'tdsodbc' to 'php5'.
Request was from Steve Langasek <vorlon@debian.org>
to control@bugs.debian.org.
(Tue, 08 Dec 2009 06:27:05 GMT) (full text, mbox, link).
Bug No longer marked as found in versions freetds/0.82-4.
Request was from Steve Langasek <vorlon@debian.org>
to control@bugs.debian.org.
(Tue, 08 Dec 2009 06:27:05 GMT) (full text, mbox, link).
Bug Marked as fixed in versions php5/5.2.11.dfsg.1-1.
Request was from Raphael Geissert <geissert@debian.org>
to control@bugs.debian.org.
(Mon, 11 Jan 2010 19:06:08 GMT) (full text, mbox, link).
Reply sent
to Ondřej Surý <ondrej@sury.org>:
You have taken responsibility.
(Wed, 27 Apr 2011 08:34:15 GMT) (full text, mbox, link).
Notification sent
to Daniel Ly <ghost@weblaw.ch>:
Bug acknowledged by developer.
(Wed, 27 Apr 2011 08:34:15 GMT) (full text, mbox, link).
Message #26 received at 559273-done@bugs.debian.org (full text, mbox, reply):
Version: 5.3.3-7
Hi,
since lenny is oldstable it will not get any updates now (except
security)[1], I am closing all segfault bugs filed against php5 in
lenny. (This is kind of saying that we don't care much about php5 in
lenny anymore).
If you believe the bug is still there, please provide evidence[2] and
a (preferably complete) test case with up-to-date squeeze (and/or
testing or unstable) version of php5 and reopen the bug.
O.
1. http://wiki.debian.org/PHP#Notes_on_PHP_and_security
2. Install php5-dbg and provide backtrace:
http://bugs.php.net/bugs-generating-backtrace.php
--
Ondřej Surý <ondrej@sury.org>
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 26 May 2011 07:39:28 GMT) (full text, mbox, link).
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sun Jul 2 01:14:40 2023;
Machine Name:
bembo