PHP :: Bug #25585 :: PHP crash if executed MSSQL-query with RAISERROR() call and error 515

Bug #25585

PHP crash if executed MSSQL-query with RAISERROR() call and error 515

Submitted:

2003-09-18 07:39 UTC

Modified:

2003-12-01 13:11 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

snick at getart dot ru

Assigned:

Status:

Not a bug

Package:

MSSQL related

PHP Version:

4.3.3

OS:

Windows 2003 Server

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	snick at getart dot ru
New email:
PHP Version:		OS:

New/Additional Comment:

[2003-09-18 07:39 UTC] snick at getart dot ru

Description:
------------
When I try to execute T-SQL query with advanced instructions PHP was crash.

Tested with:
Apache v. 2.0.43
IIS v. 6.0
MSSQL v. 7.0
ntwdblib.dll v. 2000.80.194.0

Query must include: 
- BEGIN TRAN and COMMIT / ROLLBACK TRAN;
- RAISEERROR() function call;
- Error in query before RAISERROR (eg. failed INSERT with 'Can not insert NULL into bla-bla-bla' message (msg 515))

Reproduce code:
---------------
// you must create database called 'myDB' and table
// 'myTable' with columns myField1 INT NOT NULL, myField2 VARCHAR(50) NOT NULL

/*
...db connection and selection
*/

$query = "BEGIN TRAN
    DECLARE @Flag BIT
    SET @Flag = 0
    INSERT INTO myTable (myField2) VALUES ('akgfsjhdgf')
    IF @Flag = 0
        BEGIN
        RAISERROR('Some error', 18, 10)
        ROLLBACK TRAN
        END
    ELSE
        COMMIT TRAN";

$result = mssql_query($query);
echo "Result is ".($result ? "true" : "false")."<br/>";
echo "DB Error is ".mssql_get_last_message()."<br/>";


Expected result:
----------------
PHP must return usual errors (if exists) and specified output:
Result is true
DB Error is Changed database context to 'myDB'

Actual result:
--------------
If PHP running as Apache module:
 message box 
 "Apache.exe - Application Error
  The instruction at '0x77f486f7' referenced memory at
  '0x00000000'. The memory could not be 'read'"

If PHP running as standalone:
 message box
 "php.exe - Application Error
  The instruction at '0x77f486f7' referenced memory at
  '0x00000000'. The memory could not be 'read'"

If PHP running as ISAPI module:
 IIS return in browser string "PHP has encountered an Access Violation at 77F47931"

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-09-19 00:57 UTC] sniper@php.net

Does it crash without the mssql_get_last_message() line?

[2003-09-19 02:53 UTC] snick at getart dot ru

Yes. Comments of mssql_get_last_message() changes situation, but not essentially:

Under Apache and standalone will crash in any case.
Under IIS crashes after four or five browser refreshes.

[2003-11-30 21:14 UTC] msisolak at yahoo dot com

I believe the problem here is in how mssql_query handles result sets that have multiple results returned, but none with rows (such as in this bug where there are multiple commands executed and multiple errors returned).  In the php_mssql.c for PHP 4.3.4 the block at line 1145 reads:

	while ((num_fields = dbnumcols(mssql_ptr->link)) <= 0 && retvalue == SUCCEED) {
		retvalue = dbresults(mssql_ptr->link);
	}

According to Microsoft (http://msdn.microsoft.com/library/en-us/dblibc/dbc_pdc04e_52sz.asp), however:

	"You must call dbresults until it returns NO_MORE_RESULTS, or any continued 
	use of the DBPROCESS causes the DB-Library error 10038 'Results Pending'."

As this code in php_mssql.c currently stands it stops looping the empty result sets too early becuase it's looking for SUCCEED instead of NO_MORE_RESULTS.  Changing this code to:

	while ((num_fields = dbnumcols(mssql_ptr->link)) <= 0 && retvalue != NO_MORE_RESULTS) {
		retvalue = dbresults(mssql_ptr->link);
	}

causes both SQL Server error messages generated by the sample query in the bug report to be correctly displayed and eliminates the fault.

[2003-12-01 13:06 UTC] fmk@php.net

The mssql_query function is supposed to stop at the first result. You should use mssql_next_result() to move the internal result pointer forward to the next result, if the query returns more than one result. That way you can process all the results in the query.

I'll test the sample code to see if I get the same result and fix any errors that I might find. The driver should not crash on a RAISEERROR().

[2003-12-01 13:11 UTC] fmk@php.net

The sample code provided with this sample does not lead to a crash on my system.

The output I get is:

Warning: mssql_query(): message: Some error (severity 18) in C:\PHP\php_test\php_mssql\raiseerror.php on line 21
Result is false<br/>DB Error is Some error<br/>

And that is as expected. The first line is the driver spitting out a warning, the second line is from the script.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 06:01:30 2024 UTC