pg_lo_open segfaults in the strict_types mode

[morozov]

Description

The following code:

<?php

declare(strict_types=1);

$conn = pg_connect("host='127.0.0.1' dbname='postgres' user='postgres' password='Passw0rd'");

if ($conn === false) {
    die(pg_last_error());
}

// Begin a transaction
pg_query($conn, 'BEGIN');

// Create an empty large object
$oid = pg_lo_create($conn);

if ($oid === false) {
    die(pg_last_error($conn));
}

// Open the large object for writing
$lob = pg_lo_open($conn, $oid, 'w');

if ($oid === false) {
    die(pg_last_error($conn));
}

echo 'The large object has been opened successfully.', PHP_EOL;

Resulted in this output:

Fatal error: Uncaught ValueError: Mode must be one of 'r', 'r+', 'w', or 'w+' in /Users/morozov/pgsql-bug.php:22
Stack trace:
#0 /Users/morozov/pgsql-bug.php(22): pg_lo_open(Object(PgSql\Connection), 16896, 'w')
#1 {main}
  thrown in /Users/morozov/pgsql-bug.php on line 22
fish: Job 1, 'php pgsql-bug.php' terminated by signal SIGSEGV (Address boundary error)

But I expected this output instead:

The large object has been opened successfully.

Commenting out the declare(strict_types=1); line addresses the issue.

PHP Version

8.1.16

Operating System

All

[Girgias]

The issue is that we use the wrong ZPP format on line 2340

else if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS(),
								 "Ols", &pgsql_link, pgsql_link_ce, &oid_long, &mode) == SUCCESS) {

as s expects a char* and size_t pair, whereas we are passing in a zend_string.

Surprised this is only getting caught now...