Bug #42068 zend_mm_heap corrupted error when freeing resultset (Works with PDO ODBC)
Submitted: 2007-07-22 14:17 UTC Modified: 2009-11-16 01:00 UTC
Votes:14
Avg. Score:4.2 ± 1.2
Reproduced:11 of 12 (91.7%)
Same Version:3 (27.3%)
Same OS:6 (54.5%)
From: macuyiko at gmail dot com Assigned:
Status: No Feedback Package: ODBC related
PHP Version: 5.2.3 OS: Linux (64bit)
Private report: No CVE-ID: None
 [2007-07-22 14:17 UTC] macuyiko at gmail dot com
Description:
------------
Using Intersystems' Cache 64 bit ODBC driver (libcacheodbc.so) with unixODBC causes PHP 5.2.3 to crash. (I never had a problem with the 32 bit driver.) Also, using another ODBC tool, like isql, works fine.

I have managed to track down this problem in PHP's source code. In php_odbc.c, in the function PHP_FUNCTION(odbc_free_result), there are the following lines:

//...start fragment...
ZEND_FETCH_RESOURCE(result, odbc_result *, pv_res, -1, "ODBC result", le_result);
if (result->values) {
 for (i = 0; i < result->numcols; i++) {
  if (result->values[i].value) { 
   efree(result->values[i].value);
  }
 }
 efree(result->values);
 result->values = NULL;
}
//...end fragment...

Commenting out the line:
efree(result->values);
causes PHP to segfault.

Commenting out the line:
efree(result->values[i].value);
still gives the zend_mm_heap corrupted error.

When I comment out both lines, the problem disappears. But I fear that this might not be good practice.

So what could be causing this problem? It is only with the 64 bit driver/PHP/Linux that this error occurs. Using the 32 bit driver works. Other databases' ODBC drivers work fine too.

Note: this error was also present in PHP 5.2.1. In PHP 5.1.6, I got a "glibc double free detected"-error.

Reproduce code:
---------------
<?php
// Placeholders: the report does not give the DSN or the SQL statement.
$dsn = "YOUR_DSN";
$sqlstring = "YOUR_SQL_STATEMENT";

echo "Opening connection...\n";
$connection = odbc_connect($dsn, "", ""); // connect to DSN
echo "Executing SQL...\n";
$result = odbc_do($connection, $sqlstring);
// optional code to do something with the result set here
/* The following line crashes PHP with zend_mm_heap corrupted.
   Commenting out this line doesn't help (since the result will be freed
   automatically anyway). */
echo "Freeing...\n";
odbc_free_result($result);
echo "Closing...\n";
odbc_close($connection);
echo "Done.\n";
?>

Expected result:
----------------
Opening connection...
Executing SQL...
Freeing...
Closing...
Done.

Actual result:
--------------
Opening connection...
Executing SQL...
Freeing...
zend_mm_heap corrupted
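
Added example, not PHP's source and not part of the report: allocator integrity errors such as "zend_mm_heap corrupted" or glibc's double-free abort are raised when the allocator next handles a damaged block, typically at free time, so the failing efree() marks where damage is detected rather than where it was done. The guarded allocator, the `col_t`/`res_t` structs and the 20-byte write are constructed for illustration and are not a diagnosis of this bug.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 0x5AFEC0DE5AFEC0DEULL                   /* constructed guard value */
typedef struct { char *value; } col_t;                /* hypothetical, mirrors result->values[i] */
typedef struct { col_t *values; int numcols; } res_t; /* hypothetical, mirrors odbc_result */

/* Block layout: [size_t len][len user bytes][8-byte guard]; returns the user pointer. */
static char *guard_alloc(size_t len) {
    unsigned char *p = malloc(sizeof len + len + sizeof(uint64_t));
    uint64_t g = GUARD;
    if (!p) return NULL;
    memcpy(p, &len, sizeof len);
    memcpy(p + sizeof len + len, &g, sizeof g);
    return (char *)(p + sizeof len);
}

/* Frees the block; returns 1 if something wrote past the user bytes, else 0. */
static int guard_free(char *user) {
    unsigned char *p = (unsigned char *)user - sizeof(size_t);
    size_t len; uint64_t g;
    memcpy(&len, p, sizeof len);
    memcpy(&g, p + sizeof len + len, sizeof g);
    free(p);
    return g != GUARD;
}

/* Same shape as the loop in the fragment; returns the number of damaged column buffers. */
static int free_result(res_t *r) {
    int i, bad = 0;
    if (r->values) {
        for (i = 0; i < r->numcols; i++)
            if (r->values[i].value) bad += guard_free(r->values[i].value);
        free(r->values);
        r->values = NULL;   /* a repeated call is now a no-op, not a double free */
    }
    return bad;
}

/* Two 16-byte column buffers; `written` bytes are stored into column 1 before freeing. */
static int run_case(size_t written) {
    res_t r = { calloc(2, sizeof(col_t)), 2 };
    int bad;
    if (!r.values) return -1;
    r.values[0].value = guard_alloc(16);
    r.values[1].value = guard_alloc(16);
    if (!r.values[0].value || !r.values[1].value) return -1;
    memset(r.values[1].value, 'x', written); /* the write itself raises no error */
    bad = free_result(&r);                   /* damage is only noticed here */
    return bad + free_result(&r);            /* second call sees values == NULL */
}
int main(void) { return (run_case(16) == 0 && run_case(20) == 1) ? 0 : 1; }
```

Skipping the free calls, as tried in the report, only removes the point of detection and leaks the buffers; the earlier write still happened.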

 [2007-07-24 12:01 UTC] jani@php.net
Try using the PDO ODBC instead. It is known to work better in most cases.
 [2007-07-24 14:25 UTC] macuyiko at gmail dot com
Using pdo-odbc works. I still use the normal odbc functions a lot though, but at least I have an alternative now.

I still wonder what could be causing this crash though.
 [2009-11-08 16:09 UTC] felipe@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

I can't reproduce it.
 [2009-11-16 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".