** Description changed:

  The 7.4.3-4ubuntu2.29+esm1 appears to have broken pg_escape_bytea
  function.
  
  Any input passed to the function results in a fatal error of an escape
  failure.
  
  A minimal reproduction script looks like this
  
  <?php
  // --- Configuration ---
  $dbhost   = "host";
  $dbport   = "5432";
  $dbname   = "dbname";
  $dbuser   = "dbuser";
  $dbpass   = "dbpass";
  
  // --- Connect to PostgreSQL ---
  $conn = pg_connect("host=$dbhost port=$dbport dbname=$dbname user=$dbuser password=$dbpass");
  if (!$conn) {
        die("Failed to connect to PostgreSQL\n");
  }
  
  // --- Escape for BYTEA ---
  $escaped = pg_escape_bytea($conn, 'test');
  var_dump($escaped);
  
  And the result
  php test.php
  PHP Fatal error:  Uncaught Exception: Escape failure in test.php:19
  Stack trace:
  
  Running this in an unpatched php 7.4 docker from the php upstream project gives
  php test.php
  string(10) "\x74657374"
  
  We believe this may be a result of the fix for
  https://ubuntu.com/security/CVE-2025-1735
+ 
+ We haven't seen this happen on 8.1.2-1ubuntu2.22 or 8.3 php versions, so
+ the issue appears to be limited to just php7.4

-- 
https://bugs.launchpad.net/bugs/2121643

Title:
  pg_escape_bytea fails on even trivial byte content
