 ID:               34579
 Updated by:       [EMAIL PROTECTED]
 Reported By:      secpelle at ee dot oulu dot fi
-Status:           Open
+Status:           Feedback
 Bug Type:         Reproducible crash
 Operating System: Solaris
 PHP Version:      5.0.5
 New Comment:

Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz

For Windows:

  http://snaps.php.net/win32/php5.0-win32-latest.zip

Can't reproduce.


Previous Comments:
------------------------------------------------------------------------

[2005-09-21 13:42:19] secpelle at ee dot oulu dot fi

Description:
------------
sqlite crashes php if "getcwd" fails due to restrictive permission in
parent directories, for cli this is an annoyance, for php module in
apache this is a local DoS

null ptr dereference in sqliteOsFullPathname()

Reproduce code:
---------------
% mkdir -p test/test
% cd test/test
% echo '<?sqlite_open("a.db");?>' | php
# all ok
chmod 111 ..
% pwd
pwd: cannot determine current directory!
% echo '<?sqlite_open("b.db");?>' | php
Segmentation fault (core dumped)

Expected result:
----------------
no crash

Actual result:
--------------
=>[1] strlen(0x0, 0x0, 0xffbf9f60, 0x7efefeff, 0x81010100, 0x0), at 0xef8b44e4
  [2] sqliteSetString(0xffbfdf3c, 0x0, 0x3f9268, 0x539ca0, 0x0, 0x0), at 0x1fa914
  [3] sqliteOsFullPathname(0x539ca0, 0x0, 0x0, 0x62, 0x0, 0x3f9000), at 0x1eb3cc
  [4] sqlitepager_open(0x51a854, 0x539ca0, 0x7d0, 0x118, 0x1, 0x46bc00), at 0x1ec3d0
  [5] sqliteBtreeOpen(0x539ca0, 0x0, 0x7d0, 0x539cc4, 0x1, 0x51a850), at 0x1d2100
  [6] sqlite_open(0x539ca0, 0x539cb8, 0xffbfe1d4, 0x539d28, 0x2, 0x539cc4), at 0x1e8fc4
  [7] zif_sqlite_open(0x539ca0, 0x539c58, 0x0, 0x0, 0x480ce4, 0x1b6), at 0x1c421c
  [8] zend_do_fcall_common_helper(0x52bd80, 0x538480, 0x1, 0x498bf0, 0xffbfe2ec, 0x538490), at 0x39d83c
  [9] execute(0x534220, 0xffffffff, 0x39de10, 0xffbfe2ec, 0x4, 0x498c18), at 0x398964
  [10] zend_execute_scripts(0x8, 0x0, 0xffbfe9c8, 0x416610, 0x416778, 0x2), at 0x35beb4
  [11] php_execute_script(0xffbfe9c8, 0xffbfe910, 0x0, 0x49ae28, 0x0, 0x49ae38), at 0x2ecdfc
  [12] main(0x0, 0x1, 0xffffffff, 0x4940d8, 0x0, 0x41c000), at 0x3a58a4

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=34579&edit=1
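
Added example, not part of the original report and not SQLite or PHP source: a path-resolution helper that checks the getcwd() result before using it, so the failure described in the report (getcwd failing, then strlen on a null pointer) becomes an error return. The names full_pathname, cwd_fn, cwd_denied, cwd_fixed and CWD_MAX are hypothetical, and the cwd stand-ins are constructed so the failure can be exercised without changing directory permissions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CWD_MAX 4096 /* assumed buffer size for this example */

/* Same signature as getcwd(3); injectable so the failure can be simulated. */
typedef char *(*cwd_fn)(char *buf, size_t size);

/* Hypothetical helper: returns a malloc'd absolute path, or NULL with errno
 * set. Callers treat NULL as "open failed" and never hand it to strlen(). */
char *full_pathname(const char *rel, cwd_fn get_cwd) {
    char cwd[CWD_MAX];
    size_t n;
    char *out;

    if (rel == NULL || get_cwd == NULL) { errno = EINVAL; return NULL; }
    if (rel[0] == '/') {                 /* already absolute: cwd not needed */
        n = strlen(rel) + 1;
        out = malloc(n);
        if (out != NULL) memcpy(out, rel, n);
        return out;
    }
    /* getcwd() returns NULL (e.g. EACCES) when a parent directory cannot be
     * read; propagate the error instead of building a path from NULL. */
    if (get_cwd(cwd, sizeof cwd) == NULL) return NULL;
    n = strlen(cwd) + 1 + strlen(rel) + 1;
    out = malloc(n);
    if (out != NULL) snprintf(out, n, "%s/%s", cwd, rel);
    return out;
}

/* Constructed stand-ins for getcwd(): one fails as in the report, one works. */
char *cwd_denied(char *buf, size_t size) { (void)buf; (void)size; errno = EACCES; return NULL; }
char *cwd_fixed(char *buf, size_t size) { snprintf(buf, size, "/srv/test"); return buf; }

int main(void) {
    char *p = full_pathname("b.db", getcwd);   /* real getcwd(3) */
    if (p == NULL) { perror("full_pathname"); return 1; }
    puts(p);
    free(p);
    return 0;
}
```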