php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10816 Crash when calling ibase_trans with invalid link ID
Submitted: 2001-05-11 15:10 UTC Modified: 2002-08-13 23:49 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: zerhart at acgmultimedia dot com Assigned:
Status: Not a bug Package: InterBase related
PHP Version: 4.0.5 OS: Win98
Private report: No CVE-ID: None
 [2001-05-11 15:10 UTC] zerhart at acgmultimedia dot com
Calling ibase_trans in the following example causes PHP to fault when the link ID is invalid (i.e. the database file isn't found.)

<?
	$dbh = ibase_pconnect( "Localhost:c:\\file_not_found.gdb", "user", "password" );
	$trh = ibase_trans( IBASE_DEFAULT, $dbh );
?> 

Configuration:
Win98
PHP 4.0.5
Interbase WI-V6.0.1.0
Apache 1.3.19

A selected portion of the Dr. Watson log is below:

Command line: "C:\TOOLS\APACHE\APACHE\APACHE.EXE" -Z ap-839867_C1 -f "c:/tools/apache/apache/conf/httpd.conf" "-w" "-f" "C:\TOOLS\apache\Apache\conf\httpd.conf" "-d" "C:\TOOLS\apache\Apache""

Trap 0e 0000 - Invalid page fault
eax=00000000 ebx=00000000 ecx=00000010 edx=00000010 esi=00000000 edi=00000002
eip=40545c8a esp=0215f760 ebp=0215f81c         -- -- -- nv up EI pl ZR na PE nc
cs=0177 ss=017f ds=017f es=017f fs=5277 gs=0000
GDS32.DLL:.text+0x14c8a:
>0177:40545c8a 8a02                mov     al,byte ptr [edx]

   sel  type base     lim/bot
   ---- ---- -------- --------
cs 0177 r-x- 00000000 ffffffff
ss 017f rw-e 00000000 0000a300
ds 017f rw-e 00000000 0000a300
es 017f rw-e 00000000 0000a300
fs 5277 rw-- 8197ff30 00000037
gs 0000 ----

stack base:   02060000
TIB limits:   0215a000 - 02160000

-- exception record --

   Exception Code: c0000005 (access violation)
Exception Address: 40545c8a (GDS32.DLL:.text+0x14c8a)
   Exception Info: 00000000
                   ffffffff

GDS32.DLL:.text+0x14c8a:
>0177:40545c8a 8a02                mov     al,byte ptr [edx]

 0177:40545c64 3bc1                cmp     eax,ecx
 0177:40545c66 0f8d15020000        jge     40545e81 = GDS32.DLL:.text+0x14e81
 0177:40545c6c 8b5514              mov     edx,dword ptr [ebp+14]
 0177:40545c6f 8b02                mov     eax,dword ptr [edx]
 0177:40545c71 8b08                mov     ecx,dword ptr [eax]
 0177:40545c73 898d4cffffff        mov     dword ptr [ebp-000000b4],ecx
 0177:40545c79 83bd4cffffff00      cmp     dword ptr [ebp-000000b4],+00
 0177:40545c80 740f                jz      40545c91 = GDS32.DLL:.text+0x14c91
 0177:40545c82 8b954cffffff        mov     edx,dword ptr [ebp-000000b4]
 0177:40545c88 33c0                xor     eax,eax
GDS32.DLL:.text+0x14c8a:
*0177:40545c8a 8a02                mov     al,byte ptr [edx]
 0177:40545c8c 83f801              cmp     eax,+01
 0177:40545c8f 7451                jz      40545ce2 = GDS32.DLL:.text+0x14ce2
 0177:40545c91 8b8d48ffffff        mov     ecx,dword ptr [ebp-000000b8]
 0177:40545c97 894df4              mov     dword ptr [ebp-0c],ecx
 0177:40545c9a 8b55f4              mov     edx,dword ptr [ebp-0c]
 0177:40545c9d c70201000000        mov     dword ptr [edx],00000001
 0177:40545ca3 8b45f4              mov     eax,dword ptr [ebp-0c]
 0177:40545ca6 83c004              add     eax,+04
 0177:40545ca9 8945f4              mov     dword ptr [ebp-0c],eax
 0177:40545cac 8b4df4              mov     ecx,dword ptr [ebp-0c]

--------------------


-- stack summary --

017f:0215f81c 0177:40545c8a GDS32.DLL:.text+0x14c8a
                            (007c1330,007cb520,00000001,0215f834,
                             007cb548,00000000,00000000,0215f91d)
017f:0215f904 0177:40546044 GDS32.DLL:.text+0x15044
                            (007c1330,007cb520,00000001,007cb548,
                             00000000,00000000,00000001,00000000)

-- stack trace --

017f:0215f81c 0177:40545c8a GDS32.DLL:.text+0x14c8a
                            (007c1330,007cb520,00000001,0215f834,
                             007cb548,00000000,00000000,0215f91d)
 0177:40545c64 3bc1                cmp     eax,ecx
 0177:40545c66 0f8d15020000        jge     40545e81 = GDS32.DLL:.text+0x14e81
 0177:40545c6c 8b5514              mov     edx,dword ptr [ebp+14]
 0177:40545c6f 8b02                mov     eax,dword ptr [edx]
 0177:40545c71 8b08                mov     ecx,dword ptr [eax]
 0177:40545c73 898d4cffffff        mov     dword ptr [ebp-000000b4],ecx
 0177:40545c79 83bd4cffffff00      cmp     dword ptr [ebp-000000b4],+00
 0177:40545c80 740f                jz      40545c91 = GDS32.DLL:.text+0x14c91
 0177:40545c82 8b954cffffff        mov     edx,dword ptr [ebp-000000b4]
 0177:40545c88 33c0                xor     eax,eax
GDS32.DLL:.text+0x14c8a:
*0177:40545c8a 8a02                mov     al,byte ptr [edx]
 0177:40545c8c 83f801              cmp     eax,+01
 0177:40545c8f 7451                jz      40545ce2 = GDS32.DLL:.text+0x14ce2
 0177:40545c91 8b8d48ffffff        mov     ecx,dword ptr [ebp-000000b8]
 0177:40545c97 894df4              mov     dword ptr [ebp-0c],ecx
 0177:40545c9a 8b55f4              mov     edx,dword ptr [ebp-0c]
 0177:40545c9d c70201000000        mov     dword ptr [edx],00000001
 0177:40545ca3 8b45f4              mov     eax,dword ptr [ebp-0c]
 0177:40545ca6 83c004              add     eax,+04
 0177:40545ca9 8945f4              mov     dword ptr [ebp-0c],eax
 0177:40545cac 8b4df4              mov     ecx,dword ptr [ebp-0c]

--------------------

017f:0215f904 0177:40546044 GDS32.DLL:.text+0x15044
                            (007c1330,007cb520,00000001,007cb548,
                             00000000,00000000,00000001,00000000)
 0177:4054602b 894df4              mov     dword ptr [ebp-0c],ecx
 0177:4054602e 8b55f4              mov     edx,dword ptr [ebp-0c]
 0177:40546031 52                  push    edx
 0177:40546032 668b4510            mov     ax,word ptr [ebp+10]
 0177:40546036 50                  push    eax
 0177:40546037 8b4d0c              mov     ecx,dword ptr [ebp+0c]
 0177:4054603a 51                  push    ecx
 0177:4054603b 8b5508              mov     edx,dword ptr [ebp+08]
 0177:4054603e 52                  push    edx
 0177:4054603f e85efbffff          call    40545ba2 = GDS32.DLL!isc_start_multiple
GDS32.DLL:.text+0x15044:
*0177:40546044 8945f0              mov     dword ptr [ebp-10],eax
 0177:40546047 8b45f4              mov     eax,dword ptr [ebp-0c]
 0177:4054604a 8d8d30ffffff        lea     ecx,[ebp-000000d0]
 0177:40546050 3bc1                cmp     eax,ecx
 0177:40546052 740c                jz      40546060 = GDS32.DLL:.text+0x15060
 0177:40546054 8b55f4              mov     edx,dword ptr [ebp-0c]
 0177:40546057 52                  push    edx
 0177:40546058 e8b8060000          call    40546715 = GDS32.DLL:.text+0x15715
 0177:4054605d 83c404              add     esp,+04
 0177:40546060 8b45f0              mov     eax,dword ptr [ebp-10]
 0177:40546063 8be5                mov     esp,ebp

--------------------

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-13 12:07 UTC] Vladimir dot Michl at hlubocky dot del dot cz
I have the same problem. Invalid DB handle cause SIGSEGV.
Problem may be caused by this code:

$db = ibase_connect("localhost", "sysdba", "masterkey");
// This cause segmentation fault
// I now, that parameters is swaped.
$tr = ibase_trans($db, IBASE_CONSISTENCY|IBASE_NOWAIT);

Platform Windows NT 4.0, Windows 2000, php 4.1.0
Debian GNU/Linux 2.2, php 4.0.3.
 [2002-08-13 23:49 UTC] iliaa@php.net
Thank you for taking the time to report a problem with PHP.
Unfortunately you are not using a current version of PHP -- 
the problem might already be fixed. Please download a new
PHP version from http://www.php.net/downloads.php

If you are able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PHP.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 22:01:27 2024 UTC