PHP :: Bug #30312 :: sybase_unbuffered

Bug #30312

sybase_unbuffered_query calls

Submitted:

2004-10-02 20:44 UTC

Modified:

2008-11-08 14:08 UTC

Votes:	2
Avg. Score:	5.0 ± 0.0
Reproduced:	2 of 2 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

dfleury2 at libertysurf dot fr

Assigned:

thekid (profile)

Status:

Closed

Package:

Sybase-ct (ctlib) related

PHP Version:

5.1.3, 4.4.2

OS:

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	dfleury2 at libertysurf dot fr
New email:
PHP Version:		OS:

New Comment:

[2004-10-02 20:44 UTC] dfleury2 at libertysurf dot fr

Description:
------------
Two calls to sybase_unbuffered_query core Apache.

To correct the problem before somelse those it
perfectly, I had add a return after
php_sybase_finish_results(result);


/* Forward declaration */
static int php_sybase_finish_results (sybase_result *result);

static void php_free_sybase_result(zend_rsrc_list_entry *rsrc TSRMLS_DC)
{
    sybase_result *result = (sybase_result *)rsrc->ptr;

    /* Check to see if we've read all rows */
    if (result->sybase_ptr && result->sybase_ptr->active_result_index) {
        if (result->sybase_ptr->cmd) {
            ct_cancel(NULL, result->sybase_ptr->cmd, CS_CANCEL_ALL);
        }
        php_sybase_finish_results(result);
        return;    // correction
    }

    _free_sybase_result(result);
}


Reproduce code:
---------------
<?php
    $db     = sybase_connect( 'LOCALHOST', 'sa', '' );

    $query  = sybase_unbuffered_query( 'select getdate()' );
    $array  = sybase_fetch_array( $query );

    echo $array[ 0 ];
    echo '<br>';

    $query  = sybase_unbuffered_query( 'select getdate()' );
    $array  = sybase_fetch_array( $query );
    echo $array[ 0 ];
?>


Expected result:
----------------
2-Oct-2004 18:42:50
2-Oct-2004 18:42:50


Actual result:
--------------
Core dump

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-10-03 20:21 UTC] dfleury2 at libertysurf dot fr

Description:
------------
Two calls to sybase_unbuffered_query core Apache.

To correct the problem before somelse those it
perfectly, I had add a return after
php_sybase_finish_results(result);

/* Forward declaration */
static int php_sybase_finish_results (sybase_result *result);

static void php_free_sybase_result(zend_rsrc_list_entry *rsrc
TSRMLS_DC)
{
    sybase_result *result = (sybase_result *)rsrc->ptr;

    /* Check to see if we've read all rows */
    if (result->sybase_ptr && result->sybase_ptr->active_result_index)
{
        if (result->sybase_ptr->cmd) {
            ct_cancel(NULL, result->sybase_ptr->cmd, CS_CANCEL_ALL);
        }
        php_sybase_finish_results(result);
        return;    // correction
    }

    _free_sybase_result(result);
}

Reproduce code:
---------------
<?php
    $db     = sybase_connect( 'LOCALHOST', 'sa', '' );

    $query  = sybase_unbuffered_query( 'select getdate()' );
    $array  = sybase_fetch_array( $query );

    echo $array[ 0 ];
    echo '<br>';

    $query  = sybase_unbuffered_query( 'select getdate()' );
    $array  = sybase_fetch_array( $query );
    echo $array[ 0 ];
?>

Expected result:
----------------
2-Oct-2004 18:42:50
2-Oct-2004 18:42:50

Actual result:
--------------
Core dump

(gdb) bt
#0  0x080e2890 in _free_sybase_result (result=0x81cb89c)
    at /home/david/Documents/php-4.3.9/ext/sybase_ct/php_sybase_ct.c:128
#1  0x080e2acc in php_free_sybase_result (rsrc=0x81b86f4)
    at /home/david/Documents/php-4.3.9/ext/sybase_ct/php_sybase_ct.c:161
#2  0x0812cfa0 in list_entry_destructor (ptr=0x81b86f4)
    at /home/david/Documents/php-4.3.9/Zend/zend_list.c:177
#3  0x0812add1 in zend_hash_del_key_or_index (ht=0x8177ce8, arKey=0x0, nKeyLength=0, h=5, flag=1)
    at /home/david/Documents/php-4.3.9/Zend/zend_hash.c:527
#4  0x0812cc92 in _zend_list_delete (id=5) at /home/david/Documents/php-4.3.9/Zend/zend_list.c:56
#5  0x08123a95 in _zval_dtor (zvalue=0x81c6a2c, 
    __zend_filename=0x8163dc4 "/home/david/Documents/php-4.3.9/Zend/zend_execute_API.c", 
    __zend_lineno=291) at /home/david/Documents/php-4.3.9/Zend/zend_variables.c:69
#6  0x0811a9eb in _zval_ptr_dtor (zval_ptr=0xbfffcad0, 
    __zend_filename=0x814dd58 "/home/david/Documents/php-4.3.9/ext/sybase_ct/php_sybase_ct.c", 
    __zend_lineno=1426) at /home/david/Documents/php-4.3.9/Zend/zend_execute_API.c:291
#7  0x080e6ffd in php_sybase_query (ht=1, return_value=0x81c69ec, this_ptr=0x0, return_value_used=1, 
    buffered=1) at /home/david/Documents/php-4.3.9/ext/sybase_ct/php_sybase_ct.c:1426
#8  0x080e74f7 in zif_sybase_unbuffered_query (ht=1, return_value=0x81c69ec, this_ptr=0x0, 
    return_value_used=1) at /home/david/Documents/php-4.3.9/ext/sybase_ct/php_sybase_ct.c:1634
#9  0x08137694 in execute (op_array=0x81c3b84)
    at /home/david/Documents/php-4.3.9/Zend/zend_execute.c:1640
#10 0x08125735 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/david/Documents/php-4.3.9/Zend/zend.c:891
#11 0x080ef2c6 in php_execute_script (primary_file=0xbffff240)
---Type <return> to continue, or q <return> to quit---
    at /home/david/Documents/php-4.3.9/main/main.c:1735
#12 0x0813d2fa in main (argc=2, argv=0xbffff304)
    at /home/david/Documents/php-4.3.9/sapi/cli/php_cli.c:822

[2005-02-03 21:11 UTC] dfleury2 at libertysurf dot fr

The problem still here. (php_sybase_ct.c didn't move)

A free avoid the core, but the array is corrupted for the second fetch.

<?php
    $db     = sybase_connect( 'LOCALHOST', 'sa', '' );
 
    $query  = sybase_unbuffered_query( 'select getdate()' );
    $array  = sybase_fetch_array( $query );
    var_dump( $array );
    sybase_free_result( $query );
 
    $query  = sybase_unbuffered_query( 'select getdate(), getdate()' );
    while( $array  = sybase_fetch_array( $query ) )
        var_dump( $array );
//    sybase_free_result( $query );
?>

[2005-02-06 15:35 UTC] thekid@php.net

Sorry, I cannot reproduce this, neither with apache / mod_php4 nor with cli-php. Maybe this is because I'm using FreeTDS (and not the ct-libs?)

I added a test case to the PHP test system (http://cvs.php.net/co.php/php-src/ext/sybase_ct/tests/bug30312.phpt)

which worked fine for me.

I can see a possible double-free in the sourcecode. Maybe could you try the following patch:

http://sitten-polizei.de/bug30312.patch

[2005-02-07 22:01 UTC] dfleury2 at libertysurf dot fr

The patch seems to work for the first example but not this one.
<?php
    $db   = sybase_connect( 'LOCALHOST', 'sa', '' );
 
    $query= sybase_unbuffered_query( 'select getdate()' );
    $array= sybase_fetch_array( $query );
    var_dump( $array );
    sybase_free_result( $query );
 
    $query  = sybase_unbuffered_query( 'select getdate(), getdate()' );
    $array  = sybase_fetch_array( $query );
    var_dump( $array );
 
    sybase_free_result( $query );
?>
 
OUTPUT
------------
array(2) {
  [0]=>
  string(19) "Feb  7 2005  2:18PM"
  ["computed"]=>
  string(19) "Feb  7 2005  2:18PM"
}
array(4) {
  [0]=>
  string(19) "Feb  7 2005  2:18PM"
  ["8"]=>
  string(19) "Feb  7 2005  2:18PM"
  [1]=>
  string(19) "Feb  7 2005  2:18PM"
  ["?"]=>
  string(19) "Feb  7 2005  2:18PM"
}
Bus error
 
with the patch a sample like this didn't work.
(I not sure if it's a legitimate code)
 
<?php
    $db     = sybase_connect( 'LOCAHOST', 'sa', '' );
 
    $i = 0;
    while( 1 )
    {
        $query = sybase_unbuffered_query( 'select * from big_table' );
        $array = sybase_fetch_array( $query );
        echo $i++." \n";
    }
?>
 

but I got :
Warning: sybase_fetch_array(): supplied argument is not a valid Sybase result resource in /tmp_mnt/users/fxa/fle
ury/divers/php/test2.php on line 8
 
(work fine in 4.3.8 but with memory leaks).

[2006-05-02 16:36 UTC] dfleury2 at libertysurf dot fr

The bugs are still here in the 5.1.3 release.

[2007-01-19 19:40 UTC] lobster2 at xs4all dot nl

The use of sybase_query instead of sybase_unbuffered_query solved the core dumps in my case (PHP 4.4.0 & 5.2.0 CLI with Sybase 12.5.3 on AIX 5.2).

I used the sybase_unbuffered_query calls with the third parameter = false. The second sql query call in the script would crash the process every time, surviving only the first fetch on the result set.

[2008-11-08 14:08 UTC] thekid@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Looks as if a double-free caused this problem. Tests from ext/sybase_ct/tests now all work.

Fixed in PHP_5_3 branch, PHP_5_2 will follow.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 13:01:29 2024 UTC