PHP :: Bug #32932 :: Oracle LDAP: ldap_get_entries invalid pointer
- ️Tue May 03 2005
| Bug #32932 | Oracle LDAP: ldap_get_entries invalid pointer | |||
|---|---|---|---|---|
| Submitted: | 2005-05-03 22:43 UTC | Modified: | 2005-05-10 18:06 UTC | |
| From: | frameloss at gmail dot com | Assigned: | ||
| Status: | Closed | Package: | LDAP related | |
| PHP Version: | 4.3.11, 5.0.4 | OS: | Fedora Core 3 | |
| Private report: | No | CVE-ID: | None |
[2005-05-03 22:43 UTC] frameloss at gmail dot com
Description: ------------ The following errors occur when using the ldap_get_entries call on PHP 5.0.4, Apache 2.0.53 , Fedora Core 3 2.6.9-1.724_FC3smp *** glibc detected *** free(): invalid pointer: 0xb7cede40 *** *** glibc detected *** double free or corruption (out): 0x08917930 *** *** glibc detected *** free(): invalid pointer: 0xb7cede40 *** [Tue May 3 14:13:27 2005] [notice] child pid 13543 exit signal Aborted (6) [Tue May 3 14:13:27 2005] [notice] child pid 13544 exit signal Aborted (6) [Tue May 3 14:13:27 2005] [notice] child pid 13545 exit signal Aborted (6) *** glibc detected *** free(): invalid pointer: 0xb7cede40 *** However, ldap_get_values and ldap_first_entry etc seem to work fine. Configure line: './configure' '--with-ldap=/usr/local/oracle/product/10.1.0.3.0/' '--enable-versioning' '--enable-memo' '--enable-ctype' '--with-curl' '--enable-ftp' '--with-gd' '--enable-gd-native-ttf' '--with-freetype' '--with-t1lib' '--with-jpeg' '--with-jpeg-dir=/usr/local' '--with-png' '--with-xpm' '--with-gmp' '--with-mcrypt' '--with-mhash' '--with-mysql=/usr/local' '--with-openssl' '--with-oci8=/usr/local/oracle/product/10.1.0.3.0' '--enable-overload' '--with-pcre-regex' '--enable-posix' '--enable-session' '--enable-tokenizer' '--with-expat' '--enable-xml' '--with-zlib' '--with-apxs=/usr/local/apache/bin/apxs' '--with-xpm-dir=/usr/X11R6/' '--with-freetype-dir=/usr' '--with-t1lib-dir=/usr' '--with-sybase-ct=/usr/local/FreeTDS/' Reproduce code: --------------- Using example code provided from user manual.
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commitsRelated reports
[2005-05-04 17:25 UTC] frameloss at gmail dot com
Backtrace, using CLI php . . .
(gdb) set args /usr/local/apache/htdocs/reporting/test/ldap.php
(gdb) run
Starting program: /root/SOURCE/Web/PHP/php-5.0.4/sapi/cli/php /usr/local/apache/htdocs/reporting/test/ldap.php
[Thread debugging using libthread_db enabled]
[New Thread -1208379712 (LWP 3230)]
ldap_connect function available<br><pre></pre><h3>LDAP query test</h3>... Connecting ... resource(4) of type (ldap link)
connect result is <pre> Resource id #4</pre><br />Binding ...Bind result is 1<br />Searching for username ...Search result is Resource id #5<br />Number of entires returned is 1<br />Getting entries ...<p>*** glibc detected *** free(): invalid pointer: 0xb7cf4e40 ***
Program received signal SIGABRT, Aborted.
[Switching to Thread -1208379712 (LWP 3230)]
0x001e07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
(gdb) bt
#0 0x001e07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1 0x009b5955 in raise () from /lib/tls/libc.so.6
#2 0x009b7319 in abort () from /lib/tls/libc.so.6
#3 0x009e8f9a in __libc_message () from /lib/tls/libc.so.6
#4 0x009ef528 in _int_free () from /lib/tls/libc.so.6
#5 0x009efafa in free () from /lib/tls/libc.so.6
#6 0x080e25b8 in zif_ldap_get_entries (ht=2, return_value=0x8633e94, this_ptr=0x0, return_value_used=1)
at /root/SOURCE/Web/PHP/php-5.0.4/ext/ldap/ldap.c:998
#7 0x0825b999 in zend_do_fcall_common_helper (execute_data=0xbfe04fe0, opline=0x86393ac, op_array=0x8631d54)
at /root/SOURCE/Web/PHP/php-5.0.4/Zend/zend_execute.c:2727
#8 0x0825c188 in zend_do_fcall_handler (execute_data=0xbfe04fe0, opline=0x86393ac, op_array=0x8631d54)
at /root/SOURCE/Web/PHP/php-5.0.4/Zend/zend_execute.c:2859
#9 0x08256b56 in execute (op_array=0x8631d54) at /root/SOURCE/Web/PHP/php-5.0.4/Zend/zend_execute.c:1406
#10 0x08232d8d in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/SOURCE/Web/PHP/php-5.0.4/Zend/zend.c:1069
#11 0x081f4417 in php_execute_script (primary_file=0xbfe073f0) at /root/SOURCE/Web/PHP/php-5.0.4/main/main.c:1632
#12 0x08261a6b in main (argc=2, argv=0xbfe074b4) at /root/SOURCE/Web/PHP/php-5.0.4/sapi/cli/php_cli.c:946
(gdb)
[2005-05-06 20:11 UTC] frameloss at gmail dot com
(gdb) set args /usr/local/apache/htdocs/reporting/test/ldap-orig.php
(gdb) run
Starting program: /root/SOURCE/Web/PHP/snap-5-6-2005/php5-200505061630/sapi/cli/php /usr/local/apache/htdocs/reporting/test/ldap-orig.php
[Thread debugging using libthread_db enabled]
[New Thread -1208383808 (LWP 2916)]
ldap_connect function available<br><pre></pre><h3>LDAP query test</h3>... Connecting ... resource(4) of type (ldap link)
connect result is <pre> Resource id #4</pre><br />Binding ...Bind result is 1<br />Searching for username ...Search result is Resource id #5<br />Number of entires returned is 1<br />Getting entries ...<p>*** glibc detected *** free(): invalid pointer: 0xb7cf3e40 ***
Program received signal SIGABRT, Aborted.
[Switching to Thread -1208383808 (LWP 2916)]
0x001e07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
(gdb) bt
#0 0x001e07a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1 0x00827955 in raise () from /lib/tls/libc.so.6
#2 0x00829319 in abort () from /lib/tls/libc.so.6
#3 0x0085af9a in __libc_message () from /lib/tls/libc.so.6
#4 0x00861528 in _int_free () from /lib/tls/libc.so.6
#5 0x00861afa in free () from /lib/tls/libc.so.6
#6 0x080ebbc8 in zif_ldap_get_entries (ht=2, return_value=0x951972c, this_ptr=0x0,
return_value_used=1)
at /root/SOURCE/Web/PHP/snap-5-6-2005/php5-200505061630/ext/ldap/ldap.c:1085
#7 0x082bf226 in zend_do_fcall_common_helper_SPEC (execute_data=0xbff26660)
at zend_vm_execute.h:175
#8 0x082c340a in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbff26660)
at zend_vm_execute.h:1544
#9 0x082bef3f in execute (op_array=0x951794c) at zend_vm_execute.h:78
#10 0x0829a12b in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /root/SOURCE/Web/PHP/snap-5-6-2005/php5-200505061630/Zend/zend.c:1063
#11 0x08259c45 in php_execute_script (primary_file=0xbff28a80)
at /root/SOURCE/Web/PHP/snap-5-6-2005/php5-200505061630/main/main.c:1653
#12 0x0830f9d2 in main (argc=2, argv=0xbff28b44)
at /root/SOURCE/Web/PHP/snap-5-6-2005/php5-200505061630/sapi/cli/php_cli.c:954
(gdb)
[2005-05-08 18:10 UTC] sniper@php.net
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better.