PHP :: Bug #35552 :: access violation on any invalid odbc query

Bug #35552

access violation on any invalid odbc query

Submitted:

2005-12-05 06:15 UTC

Modified:

2006-05-16 22:50 UTC

Votes:	4
Avg. Score:	4.0 ± 1.0
Reproduced:	4 of 4 (100.0%)
Same Version:	2 (50.0%)
Same OS:	3 (75.0%)

From:

humbads at alum dot mit dot edu

Assigned:

wez (profile)

Status:

Closed

Package:

PDO related

PHP Version:

5CVS-2005-12-14 (snap)

OS:

Windows XP SP2

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	humbads at alum dot mit dot edu
New email:
PHP Version:		OS:

New Comment:

[2005-12-05 06:15 UTC] humbads at alum dot mit dot edu

Description:
------------
PHP crashes with a memory exception when running any query with invalid syntax.  The driver is PDO-ODBC-Visual Foxpro on Windows XP SP2.  The folder has full control permission for IUSR to the directory containing the Foxpro DBF files.

The exception dialog shows:
php-cgi.exe - Application Error
The instruction at "0x7c80a258" reference memory at "0x0000000c". The memory could not be "written".

Using the out-of-the box install of PHP 5.1.1 with pdo and pdo_odbc extensions loaded via php.ini.  Latest Visual Foxpro ODBC driver was downloaded from Microsoft website.


Reproduce code:
---------------
<?php
$db = new PDO("odbc:Driver={Microsoft Visual FoxPro Driver};SourceType=DBF;SourceDB=C:\\temp\\;Exclusive=No");
$db->query("any query with invalid syntax");
?>

Expected result:
----------------
Should give a proper error message, no?

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-12-05 18:54 UTC] humbads at alum dot mit dot edu

This is with the latest snapshot release: php5.1-win32-200512051530.zip

Here is the stack trace:

>	kernel32.dll!_GetMBNoDefault@24()  + 0x6a	
 	kernel32.dll!_WideCharToMultiByte@32()  + 0x120	
 	odbc32.dll!_SQLError@32()  + 0xaa	
 	php_pdo_odbc.dll!pdo_odbc_error(_pdo_dbh_t * dbh=0x0071e6c8, _pdo_stmt_t * stmt=0x0071ebb8, void * statement=0x00000000, char * what=0x005f3194, const char * file=0x005f31cc, int line=175, void * * * tsrm_ls=0x00323f68)  Line 82	C
 	php_pdo_odbc.dll!odbc_handle_preparer(_pdo_dbh_t * dbh=0x0071e6c8, const char * sql=0x0071e878, long sql_len=13, _pdo_stmt_t * stmt=0x0071ebb8, _zval_struct * driver_options=0x00000000, void * * * tsrm_ls=0x00323f68)  Line 175 + 0x20	C
 	php_pdo.dll!zif_PDO_query(int ht=1, _zval_struct * return_value=0x0071e808, _zval_struct * * return_value_ptr=0x00000000, _zval_struct * this_ptr=0x0071e878, int return_value_used=0, void * * * tsrm_ls=0x0000000d)  Line 992 + 0x2f	C
 	php5ts.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * execute_data=0x0012fb38, void * * * tsrm_ls=0x00323f68)  Line 192 + 0x35	C
 	php5ts.dll!ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER(_zend_execute_data * execute_data=0x0012fb38, void * * * tsrm_ls=0x00323f68)  Line 314 + 0x11	C
 	php5ts.dll!execute(_zend_op_array * op_array=0x00320000, void * * * tsrm_ls=0x0071dda0)  Line 92 + 0xc	C
 	ntdll.dll!_RtlFreeHeap@12()  + 0x130	
 	ntdll.dll!_NtReadFile@36()  + 0xc	
 	kernel32.dll!_ReadFile@20()  + 0x8a	


Unhandled exception at 0x7c80a258 (kernel32.dll) in php-cgi.exe: 0xC0000005: Access violation writing location 0x0000000c.

[2005-12-14 06:02 UTC] wez@php.net

I made an adjustment to the way that we pull out the error information; I'm not sure that it will have resolved this particular issue, but it's worth trying it out while you're checking to see if #35620 is fixed.

[2005-12-14 09:11 UTC] humbads at alum dot mit dot edu

This one still gives an exception, but it is different from before.  The call stack is one thousand deep. I'm using snapshot php5.1-win32-200512140730.zip.

Unhandled exception at 0x005f1164 (php_pdo_odbc.dll) in php-cgi.exe: 0xC0000005: Access violation writing location 0x00000012.

>	php_pdo_odbc.dll!pdo_odbc_error(_pdo_dbh_t * dbh=0x0071e338, _pdo_stmt_t * stmt=0x0071e850, void * statement=0x00000000, char * what=0x005f3194, const char * file=0x005f31cc, int line=202, void * * * tsrm_ls=0x00324090)  Line 101 + 0x7	C
 	php_pdo_odbc.dll!odbc_handle_preparer(_pdo_dbh_t * dbh=0x0071e338, const char * sql=0x0071e510, long sql_len=13, _pdo_stmt_t * stmt=0x0071e850, _zval_struct * driver_options=0x00000000, void * * * tsrm_ls=0x00324090)  Line 202 + 0x20	C
 	php_pdo.dll!zif_PDO_query(int ht=1, _zval_struct * return_value=0x0071e4a0, _zval_struct * * return_value_ptr=0x00000000, _zval_struct * this_ptr=0x0071e510, int return_value_used=0, void * * * tsrm_ls=0x0000000d)  Line 992 + 0x2f	C
 	php5ts.dll!10018d52() 	
 	php5ts.dll!100b4b32() 	
 	php5ts.dll!10018765() 	
 	php5ts.dll!100186e5() 	
 	php5ts.dll!10008d52() 	
... ... REPEATS MANY TIMES
 	php5ts.dll!100a7b94() 	
 	php5ts.dll!10002e2d() 	
 	msvcrt.dll!_free()  + 0xc3	
 	ntdll.dll!_RtlFreeHeap@12()  + 0x130	
 	00300030()	
 	odbc32.dll!_SearchStatusCode@8()  + 0x25	
 	odbc32.dll!_MPLeaveCriticalSection()  + 0x17	
 	0012fa34()	
 	odbc32.dll!_SQLPrepare@12()  + 0x96	
 	php_pdo_odbc.dll!odbc_handle_preparer(_pdo_dbh_t * dbh=0x0071e338, const char * sql=0x0071e510, long sql_len=13, _pdo_stmt_t * stmt=0x0071e850, _zval_struct * driver_options=0x00000000, void * * * tsrm_ls=0x00324090)  Line 202 + 0x20	C
 	php_pdo.dll!zif_PDO_query(int ht=1, _zval_struct * return_value=0x0071e4a0, _zval_struct * * return_value_ptr=0x00000000, _zval_struct * this_ptr=0x0071e510, int return_value_used=0, void * * * tsrm_ls=0x0000000d)  Line 992 + 0x2f	C
 	php5ts.dll!10018d52() 	
 	php5ts.dll!100b4b32() 	
 	php5ts.dll!10018765() 	
 	php5ts.dll!100186e5() 	
 	php5ts.dll!10008d52()

[2005-12-23 12:55 UTC] markus at fischer dot name

I'm expiriencing the same behaviour with pdo_odbc and the M$ Access Driver. I can verify this with this snapshot: php5.1-win32-200512231130.zip

My testcase is:
$sDsn = 'odbc:driver={Microsoft Access Driver (*.mdb)};Dbq=beispieldatenbank.mdb;';
$oPdo = new PDO($sDsn);
$oPdo->query('SELEC * FROM ADDRESSES');

[2006-04-30 00:52 UTC] wez@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fix will be in 5.1.4

[2006-05-16 22:50 UTC] humbads at alum dot mit dot edu

Confirmed fix in 5.1.4.  Note, you have to print $db->errorInfo() to see the actual error message.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Jan 30 18:01:29 2025 UTC