From: [EMAIL PROTECTED]
Operating system: Redhat Linux
PHP version: 4.1.2
PHP Bug Type: PostgreSQL related
Bug description: Variable lookup table overflow
Hi,
I've got a reproduceable problem with PHP when using
PostgreSQL. The problem does not appear when running
MySQL. I suspect a buffer overflow of some kind.
A good example of the problem follows, code taken from my
db library class and the query function:
$myVariable = "My Value";
$limit = -1;
$offset = 0;
print( "MyVar: $myVariable <br>" );
Will normally output:
MyVar: My Value<br>
However; after 55-60 database calls with the function it
will print:
MyVar: 0<br>
The 0 is the value assigned to the $offset variable. If I
remove the $offset = 0; line the output will be:
MyVar: -1<br>
As you can see all variables will be assigned to the same
value ( after n runs ).
It allways happens at the same place in the code even
after apache restarts etc. I have two different scrips
using the db library reproducing the same problem. And
this does not happen when using the mysql implementation
of the db library.
It may be something in the area of; a buffer for storing
the variable assignments overflows due to a buffer
overflow in the postgresql library. But this is only a
guess since I don't know the internals of PHP/PostgreSQL.
PHP configure line:
'./configure' '--with-dom' '--with-xml'
'--with-apxs=/usr/sbin/apxs' '--enable-ftp'
'--enable-trans-sid' '--with-config-file-path=/etc/httpd'
'--with-mysql=shared,/usr' '--with-pgsql=shared,/usr'
'--enable-inline-optimization' '--with-ttf' '--with-gd'
'--enable-gd-native-ttf' '--with-imap' '--includedir=/usr'
'--with-openssl=/usr' '--with-zlib-dir=/usr'
'--with-ldap=shared,/usr' '--with-openssl=shared,/usr'
'--enable-dbg=shared' '--with-dbg-profiler'
'--with-kerberos'
System:
Linux dozer.ez.no 2.4.9-31 #1 Tue Feb 26 07:11:02 EST 2002
i686 unknown
Server API:
Apache
I'm _not_ running APC or Zend accellerator.
There are no error messages in the log and no segfaults.
Regards
Bård Farstad
--
Edit bug report at http://bugs.php.net/?id=15896&edit=1
--
Fixed in CVS: http://bugs.php.net/fix.php?id=15896&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=15896&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=15896&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=15896&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=15896&r=support
Expected behavior: http://bugs.php.net/fix.php?id=15896&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=15896&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=15896&r=submittedtwice
