Bug #52636 [Opn->Asn]: php_mysql_fetch_hash writes long value into int

Wed, 18 Aug 2010 10:54:31 -0700 

Edit report at http://bugs.php.net/bug.php?id=52636&edit=1

 ID:                 52636
 Updated by:         ka...@php.net
 Reported by:        rein at basefarm dot no
 Summary:            php_mysql_fetch_hash writes long value into int
-Status:             Open
+Status:             Assigned
 Type:               Bug
 Package:            MySQL related
 Operating System:   Solaris10 on sparc
 PHP Version:        5.3.3
-Assigned To:        
+Assigned To:        kalle
 Block user comment: N

 New Comment:

Hi, wouldn't it be easier if we just changed the result_type to be a
long in the prototype?


Previous Comments:
------------------------------------------------------------------------
[2010-08-18 16:43:33] rein at basefarm dot no

Adding a patch doesn't work, so here it is:



Index: ext/mysql/php_mysql.c

===================================================================

RCS file: ext/mysql/php_mysql.c,v

retrieving revision 1.1.1.21

retrieving revision 1.2

diff -u -u -r1.1.1.21 -r1.2

--- ext/mysql/php_mysql.c       16 Aug 2010 17:58:34 -0000      1.1.1.21

+++ ext/mysql/php_mysql.c       18 Aug 2010 14:09:13 -0000      1.2

@@ -2040,9 +2040,12 @@

        } else

 #endif

        {

-               if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r|l", 
&res,
&result_type) == FAILURE) {

+               long res_type = result_type;

+

+               if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r|l", 
&res,
&res_type) == FAILURE) {

                        return;

                }

+               result_type = res_type;

                if (!result_type) {

                        /* result_type might have been set outside, so only 
overwrite when
not set */

                        result_type = MYSQL_BOTH;

------------------------------------------------------------------------
[2010-08-18 16:35:17] rein at basefarm dot no

Description:
------------
In php_mysql_fetch_hash(), zend_parse_parameters() is passed
&result_type, an int variable, which it is instructed to write a long
value into.  On a big-endian system like the sparc it writes outside the
memory location of result_type.



The mysql_fetch_array tests in:



 ext/mysql/tests/002.phpt

 ext/mysql/tests/mysql_fetch_array.phpt



fails on Solaris sparc systems without this patch, it always behaves as
if the one-argument version of mysql_fetch_array is called.



This bug may be causing the problem reported in bug#51601.





------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52636&edit=1

Reply via email to