php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #35620 access violation on odbc query
Submitted: 2005-12-10 08:24 UTC Modified: 2005-12-25 21:18 UTC
From: humbads at alum dot mit dot edu Assigned: wez (profile)
Status: Not a bug Package: PDO related
PHP Version: 5CVS-2005-12-14 (snap) OS: Windows XP SP2
Private report: No CVE-ID: None
View Developer Edit
 [2005-12-10 08:24 UTC] humbads at alum dot mit dot edu 
Description:
------------
php-cgi.exe crashes with an access violation when using PDO ODBC to run a simple query as given below.  The code runs without error if not enclosed in a class.  It also runs without error if the query is run without saving the return value in $result. The stack trace indicates a crash when destroying the implicit prepared statement.

Reproduce code:
---------------
$mc = new MyClass;

class MyClass {
  function MyClass() {
    $odbc = new PDO("odbc:Driver={Microsoft Visual FoxPro Driver};SourceType=DBF;SourceDB=C:\\");
		
    $query = "SELECT * FROM invoice";
    $result = $odbc->query($query);
    die("happy");
  }
}

Expected result:
----------------
It should not crash when returning the result, or when running from within a class.

Actual result:
--------------
>	ntdll.dll!_RtlEnterCriticalSection@4()  + 0xb	
 	odbc32.dll!CCriticalSection::Enter()  + 0xf	
 	odbc32.dll!_ODBCEnterCriticalSection@4()  + 0xf	
 	odbc32.dll!_EnterStmtCS@4()  + 0x23	
 	odbc32.dll!_SQLCloseCursor@4()  + 0x2b	
 	php_pdo_odbc.dll!odbc_stmt_dtor(_pdo_stmt_t * stmt=0x00720448, void * * * tsrm_ls=0x00323eb0)  Line 56	C
 	php_pdo.dll!free_statement(_pdo_stmt_t * stmt=0x00720448, void * * * tsrm_ls=0x00323eb0)  Line 2118 + 0x8	C
 	php_pdo.dll!php_pdo_stmt_delref(_pdo_stmt_t * stmt=0x00720448, void * * * tsrm_ls=0x00323eb0)  Line 2157 + 0xb	C
 	php_pdo.dll!pdo_dbstmt_free_storage(_pdo_stmt_t * stmt=0x00720448, void * * * tsrm_ls=0x00323eb0)  Line 2162 + 0xf	C
 	php5ts.dll!zend_objects_store_free_object_storage(_zend_objects_store * objects=0x00328dc4, void * * * tsrm_ls=0x00323eb0)  Line 83 + 0xb	C
 	php5ts.dll!shutdown_executor(void * * * tsrm_ls=0x00a232c0)  Line 273 + 0x13	C
 	ntdll.dll!_RtlpFreeToHeapLookaside@8()  + 0x26	

Unhandled exception at 0x7c901010 (ntdll.dll) in php-cgi.exe: 0xC0000005: Access violation reading location 0x00000018.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-12-10 08:43 UTC] humbads at alum dot mit dot edu 
The same crash occurs if the code is simply within a function, rather than a class. Furthermore, the same crash occurs if another data source is used, e.g. SQL Server.

myfunction();

function myfunction() {
  $odbc = new PDO("odbc:Driver={Microsoft Visual FoxPro Driver};SourceType=DBF;SourceDB=C:\\");	
  $query = "SELECT * FROM invoice";
  $result = $odbc->query($query);
}
 [2005-12-14 05:58 UTC] wez@php.net 
This could be the same bug as #35552.
I couldn't reproduce the issue, but did spot some code that might cause something like this to happen.
Please try the next snapshot dated after this message to see if that nailed it.
 [2005-12-14 06:00 UTC] wez@php.net 
I meant that this could be the same as #35592, not #35552.
 [2005-12-14 09:23 UTC] humbads at alum dot mit dot edu 
This one also gives an exception, slightly different from before.  This crash is different than bug #35552, which occurs on any query for which ODBC should return an error. This crash seems to happens when the destructor is called on the statement.  I noticed if there is no die() or exit() in the function call (or class), there is no crash.  My second code example doesn't have this call and doesn't crash, so maybe that's why you couldn't reproduce it.  Snapshot 
php5.1-win32-200512140730.zip.

Here a fixed example:

Reproduce code:
---------------
q();
function q() {
  $odbc = new PDO("odbc:DSN=LocalPT;UID=ptuser;PWD=ptuser");
  $query = "SELECT * FROM tblUser";
  $result = $odbc->query($query);
  die();
}

Stack trace:
---------------

Unhandled exception at 0x7c901010 (ntdll.dll) in php-cgi.exe: 0xC0000005: Access violation reading location 0x00000018.

>	ntdll.dll!_RtlEnterCriticalSection@4()  + 0xb	
 	odbc32.dll!CCriticalSection::Enter()  + 0xf	
 	odbc32.dll!_ODBCEnterCriticalSection@4()  + 0xf	
 	odbc32.dll!_EnterStmtCS@4()  + 0x23	
 	odbc32.dll!_SQLCloseCursor@4()  + 0x2b	
 	php_pdo_odbc.dll!odbc_stmt_dtor(_pdo_stmt_t * stmt=0x007218a0, void * * * tsrm_ls=0x00324090)  Line 56	C
 	php_pdo.dll!free_statement(_pdo_stmt_t * stmt=0x007218a0, void * * * tsrm_ls=0x00324090)  Line 2118 + 0x8	C
 	php_pdo.dll!php_pdo_stmt_delref(_pdo_stmt_t * stmt=0x007218a0, void * * * tsrm_ls=0x00324090)  Line 2157 + 0xb	C
 	php_pdo.dll!pdo_dbstmt_free_storage(_pdo_stmt_t * stmt=0x007218a0, void * * * tsrm_ls=0x00324090)  Line 2162 + 0xf	C
 	php5ts.dll!100ab5f7() 	
 	php5ts.dll!10096192() 	
 	ntdll.dll!_RtlpFreeToHeapLookaside@8()  + 0x26	
 	ntdll.dll!_RtlFreeHeap@12()  + 0x114
 [2005-12-25 21:18 UTC] iliaa@php.net 
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. 

Thank you for your interest in PHP.

Dupe of bug #35552
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 18:01:29 2024 UTC