php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #23402 mssql_bind : Unhandled exception
Submitted: 2003-04-29 05:38 UTC Modified: 2003-05-20 19:08 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: Alla <svbevno at umailrusp dot am> Assigned:
Status: Closed Package: MSSQL related
PHP Version: 4.3.2RC2 OS: W2k
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: Alla <svbevno at umailrusp dot am>
New email:
PHP Version: OS:

 

 [2003-04-29 05:38 UTC] Alla <svbevno at umailrusp dot am> 
BUG: mssql_bind() causes memory access violation.

The second call to mssql_bind (without mssql_init) leads to memory access violation: 'memory can not be written'.
mssql_init()
mssql_bind()
mssql_execute()
mssql_bind()     // !!!!!!! CRASH !!!!!!!
mssql_execute()

==========================================================
LOCATION:

Module             : php4ts.dll, 
File               : php_mssql.c
Line               : ! CRASH ! (see below)

Cause              : zend_hash_add(..) return NULL for the output variable 'bindp', and this is not checked in the code

Possible Fix       : add: if( NULL == bindp ) RETURN_FALSE;

Existing code source:

PHP_FUNCTION(mssql_bind)
{
  ........
  memset((void*)&bind,0,sizeof(mssql_bind));

  zend_hash_add( 
     statement->binds,
     Z_STRVAL_PP(param_name),
     Z_STRLEN_PP(param_name),
     &bind,sizeof(mssql_bind),
     (void **)&bindp );         // bindp == NULL here!

  bindp->zval = *var;           // !!!!!! CRASH !!!!!!!

  zval_add_ref(var);

  if(.....) 
  {
    ......
  }

  RETURN_TRUE;
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-04-30 06:00 UTC] sniper@php.net 
What does phpinfo() say about php version?
 [2003-04-30 10:49 UTC] Alla <svbevno at umailrusp dot am> 
phpinfo()
Build Date         Apr 26 2003 18:46:51  
Server             API  CGI/FastCGI  
PHP API            20020918  
PHP Extension      20020429  
Zend Extension     20021010  
Debug Build        no  
Thread Safety      enabled  
Registered PHP     Streams  php, http, ftp, compress.zlib
 [2003-04-30 12:04 UTC] derick@php.net 
This doesn't say ANYTHING about the version number. You're looking for the 4.x.x number in the top corner.
 [2003-04-30 12:16 UTC] Alla <svbevno at umailrusp dot am> 
PHP version is 4.3.2-RC
 [2003-05-20 19:08 UTC] fmk@php.net 
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Nov 02 20:00:01 2025 UTC