Red Hat Bugzilla – Bug 1315308
php: Segmentation fault in mysql_driver.c
Last modified: 2016-06-13 13:49:49 EDT
A segmentation fault in mysql_driver.c was found. When Z_TYPE is 0 (IS_NULL), convert_to_string() returns the value obtained from STR_EMPTY_ALLOC(). In turn, STR_EMPTY_ALLOC() returns the value of CG(interned_empty_string). Applying efree() to this value later causes a crash. This issue was introduced by commit http://git.php.net/?p=php-src.git;a=commit;h=ef1bd8f0e6f88b1d123cea1c0b5079cfde7f90df
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1315309]
Please explain how this is considered a security issue, especially as it requires some crafted script.
Agree this is not a security issue.
Additionally, it was identified in the upstream bug that the problem was only introduced via a fix for the following upstream bug:
first used in PHP version 5.6.14.