From:             chris_se at gmx dot net
Operating system: Irrelevant
PHP version:      5.2.6
PHP Bug Type:     InterBase related
Bug description:  Segfault with invalid non-string as event handler callback

Description:
------------
Same problem as with bug #45555 - just for a different extension:

The interbase extension accepts arbitrary zvals as callbacks (which is fine) but always uses Z_STRVAL(zval) to display an error message if the callback is invalid. This will cause a segfault if e.g. int(1) is passed as a callback.

The following patch against PHP_5_3 (it also applies against PHP 5.2) solves the problem (there are two places where error messages are generated):

http://www.christian-seiler.de/temp/ibase-5.3.patch

And the same patch ported to HEAD:

http://www.christian-seiler.de/temp/ibase-6.patch

Please note that I only found this bug because I did a source review of all core extensions that call callbacks in order to ensure they are compatible with closures. I have no knowledge or experience whatsoever with Interbase or Firebird so I can't actually test this. But by reading the source it is clear that this will crash PHP (see bug #45555 where the same problem occurred but where I could test the issue).

Reproduce code:
---------------
Probably something like:

ibase_set_event_handler($connection, 1, "whatever");

Expected result:
----------------
Callback argument 1 is not a callable function

Actual result:
--------------
Segmentation fault.
-- 
Edit bug report at http://bugs.php.net/?id=45575&edit=1
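The failure mode in this report, reduced to a stand-alone C model. This is an added example, not the linked patch and not PHP source: `model_zval`, `MODEL_STRVAL`, `describe_callback` and `callback_error` are hypothetical names, and the struct is only a simplified stand-in for a tagged-union value.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a tagged-union value; hypothetical names,
   not the Zend Engine's definitions. */
enum model_type { T_LONG, T_STRING };

typedef struct {
    union {
        long lval;
        struct { const char *val; size_t len; } str;
    } value;
    enum model_type type;
} model_zval;

/* The pattern the report describes: read the string member without
   checking the tag. With T_LONG holding 1, the bytes of the integer are
   reinterpreted as a pointer, and printing it with %s reads invalid memory. */
#define MODEL_STRVAL(z) ((z).value.str.val)

/* Hardened form: pick the formatting from the tag, so the string
   member is only read when the value really is a string. */
int describe_callback(const model_zval *z, char *buf, size_t n)
{
    switch (z->type) {
    case T_STRING:
        return snprintf(buf, n, "%.*s", (int)z->value.str.len, z->value.str.val);
    case T_LONG:
        return snprintf(buf, n, "%ld", z->value.lval);
    }
    return snprintf(buf, n, "(unknown type)");
}

/* Builds the message shown under "Expected result" in the report. */
int callback_error(const model_zval *cb, char *buf, size_t n)
{
    char name[64];
    describe_callback(cb, name, sizeof name);
    return snprintf(buf, n, "Callback argument %s is not a callable function", name);
}

int main(void)
{
    model_zval cb = { .type = T_LONG };   /* constructed input: int(1) */
    char msg[128];
    cb.value.lval = 1;
    callback_error(&cb, msg, sizeof msg);
    puts(msg);
    return 0;
}
```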