PHP :: Bug #27828 :: sybase_free

Bug #27828

sybase_free_result() crashes

Submitted:

2004-04-01 15:59 UTC

Modified:

2004-07-11 18:34 UTC

Votes:	17
Avg. Score:	4.7 ± 0.6
Reproduced:	15 of 17 (88.2%)
Same Version:	7 (46.7%)
Same OS:	9 (60.0%)

From:

deanb at gbtn dot net

Assigned:

Status:

Closed

Package:

Sybase-ct (ctlib) related

PHP Version:

4CVS, 5CVS (2004-04-02)

OS:

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	deanb at gbtn dot net
New email:
PHP Version:		OS:

New Comment:

[2004-04-01 15:59 UTC] deanb at gbtn dot net

Description:
------------
If I use sybase_free_result() in a script, then php crashes.  The exact same code works fine in php 4.3.4.

./configure  --with-sybase-ct=${SYBASE}
   --enable-track-vars 
   --without-mysql 
   --with-apache=../apache_1.3.29
   --disable-dba 
   --enable-session 

Reproduce code:
---------------
<?php
$db = sybase_connect("server", "user", "pass");
$res = sybase_query("select name from sysdatabases", $db);
while ($data = sybase_fetch_array($res)) {
        print "db: $data[0]\n";
        }
sybase_free_result($res);
sybase_close($db);
?>

Expected result:
----------------
a list of databases with no crashes

Actual result:
--------------
> php s.php
db: master
db: model
db: sybsystemprocs
db: tempdb
Segmentation fault (core dumped)

> dbx php core
dbx version 3.11.10
Type 'help' for help.
Core file created by program "php"

signal Segmentation fault at   [_efree:241 ,0x12013e7c8]        CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(dbx) where
>  0 _efree(ptr = 0x52667250203a6264) ["/app/apps/web/php-4.3.5/Zend/zend_alloc.c":241, 0x12013e7c8]
   1 php_sybase_finish_results(result = 0x1400cd5b8) ["/app/apps/web/php-4.3.5/ext/sybase_ct/php_sybase_ct.c":1011, 0x1200e766c]
   2 zif_sybase_free_result(ht = 1, return_value = 0x1400d8298, this_ptr = (nil), return_value_used = 0) ["/app/apps/web/php-4.3.5/ext/sybase_ct/php_sybase_ct.c":1602, 0x1200e8f20]
   3 execute(op_array = 0x1400c52d8) ["/app/apps/web/php-4.3.5/Zend/zend_execute.c":1621, 0x12016fdf4]
   4 zend_execute_scripts(type = 8, retval = (nil), file_count = 3) ["/app/apps/web/php-4.3.5/Zend/zend.c":889, 0x120155be0]
   5 php_execute_script(primary_file = 0x11fffec10) ["/app/apps/web/php-4.3.5/main/main.c":1731, 0x120116d84]
   6 main(argc = 2, argv = 0x11fffef28) ["/app/apps/web/php-4.3.5/sapi/cli/php_cli.c":822, 0x1201722e4]
(dbx) up
php_sybase_finish_results:1011  efree(result->tmp_buffer[i]);
(dbx) up
zif_sybase_free_result:1602  php_sybase_finish_results(result);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-04-02 04:21 UTC] tvoigt at informatik dot tu-cottbus dot de

Hi there!

The bug ist reproducible here on Debian Woody + apache-1.3.29/php >= 4.3.4RC3, too. 

It was most probably introduced while fixing http://bugs.php.net/bug.php?id=26407: sybase_free_result() works properly up to php-4.3.4RC2, but not with a patched 4.3.4RC2 to solve bug #26407 (that patch then made it into 4.3.4RC3).

Well, I'm sorry for not testing sybase_free_result() afterwards, never used it before...

Best regards,
Thomas

[2004-04-02 06:12 UTC] derick@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2004-04-02 13:20 UTC] deanb at gbtn dot net

Nope, same crash with php4-STABLE-200404021630.

[2004-04-07 10:46 UTC] hager at transgene dot fr

Hello,
same bug with PHP5.0.0-RC1 and the latest PHP5 snapshot PHP5-200404071230 : sybase_free_result() crashes. Should I open a new bug report for PHP 5 ?

[2004-04-13 09:41 UTC] r dot vanicek at seznam dot cz

It worked fine in PHP 4.3.4 and PHP 4.3.5RC2, but PHP 4.3.5 (final) is broken, and PHP 4.3.6RC3 is broken too. When sybase_free_result is called, there is segmentation fault (my system is Debian GNU/Linux woody, Apache 1.3.26).

[2004-04-30 10:38 UTC] michail dot bachmann at cms dot hu-berlin dot de

Hello,

this bug still exists in 4.3.6. Calling sybase_free_result crashed Apache (Solaris 8, Apache 1.3.29, Sybase 12.0)

Does anyone has a workaround/patch available?

[2004-05-06 17:27 UTC] michail dot bachmann at cms dot hu-berlin dot de

Hello again,

A workaround for this bug is to comment out the line 1602 in php_sybase_ct.c. This function must be broken for a while, since around line 1365 someone fixed the problem the same way.

Oh, BTW PHP crashes while freeing result->tmp_buffer in line 1013. Looks like something corrupts the memory around this variable.

HTH

[2004-05-26 15:26 UTC] ljb220 at mindspring dot com

I just tested 4.3.7RC1 and the problem is fixed (although the bug number isn't reported in NEWS). Thanks, PHP team.

[2004-07-11 18:34 UTC] thekid@php.net

Seems to be a duplicate of #28354, which has been fixed a while ago. I'll set this to fixed.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 11:01:30 2024 UTC