Bug #43578 Incurred fault #6 - if returned textfield is empty
Submitted: 2007-12-12 10:28 UTC Modified: 2010-08-28 16:59 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:1 of 2 (50.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: schulmat at cms dot hu-berlin dot de Assigned: thekid (profile)
Status: Closed Package: Sybase-ct (ctlib) related
PHP Version: 5.2.5 OS: Solaris 9/10
Private report: No CVE-ID: None
 [2007-12-12 10:28 UTC] schulmat at cms dot hu-berlin dot de
Description:
------------
The problem can be reproduced on Solaris 9 and Solaris 10.
If I compile php with
./configure \
--prefix=/usr/local/wwwbin/php-5.2.5 \
--with-apxs2=/usr/local/wwwbin/apache/bin/apxs \ (Apache 2.2.6)
--with-sybase-ct=/opt/csw (freetds-version 0.64 from blastwave)

and perform this simple query:
select DC_Rights from Resource R where R.Resource_ID = 123; 
(DC_Rights type text, Resource_ID = 123 exists, should return "" (empty), not NULL, works via tsql)
I get "Incurred fault #6".

Reproduce code:
---------------
<?php
 require("DBConnection.cls.php");  // database connection
 $db=new DBConnection();           // new object

 $test = "set textsize 262144";
 echo $test."<br />";
 //$db->submitQuery($test); flush();

 $query = "select DC_Rights from Resource R where R.Resource_ID = 122"; // expected Result: NULL
 flush();
 $res_id = $db->submitQuery($query); // works!

 $query = "select DC_Rights from Resource R where R.Resource_ID = 123"; // expected Result: ""
 flush();
 $res_id = $db->submitQuery($query); // doesn't work. Apache: Segmentation fault (11)

 echo "done!"; 
 flush(); 
 exit();
?>

Expected result:
----------------
set textsize 262144
select DC_Rights from Resource R where R.Resource_ID = 122
select DC_Rights from Resource R where R.Resource_ID = 123
done!

Actual result:
--------------
Output:
Warning: sybase_connect() [function.sybase-connect]: Sybase: Server message: Changed client character set setting to 'iso_1'. (severity 10, procedure N/A) in /usr/local/htdocs/DBConnection.cls.php on line 7

Warning: sybase_connect() [function.sybase-connect]: Sybase: Server message: Changed database context to 'metadb'. (severity 10, procedure N/A) in /usr/local/htdocs/DBConnection.cls.php on line 7

Warning: sybase_select_db() [function.sybase-select-db]: Sybase: Server message: Changed database context to 'metadb'. (severity 10, procedure N/A) in /usr/local/htdocs/DBConnection.cls.php on line 10
set textsize 262144
select DC_Rights from Resource R where R.Resource_ID = 27397
select DC_Rights from Resource R where R.Resource_ID = 20676



truss output php-cli:
time()                                          = 1197455005
pollsys(0xFFBFE900, 1, 0x00000000, 0x00000000)  = 1
read(4, "FD\0\0\002\0\0\0\0", 9)                = 9
time()                                          = 1197455005
time()                                          = 1197455005
sigaction(SIGPIPE, 0xFFBFEBA0, 0xFFBFEC40)      = 0
pollsys(0xFFBFEBE8, 1, 0x00000000, 0x00000000)  = 1
write(4, "0F01\018\0\0\0\0 !\0\0\0".., 24)      = 24
sigaction(SIGPIPE, 0xFFBFEBA0, 0xFFBFEC40)      = 0
time()                                          = 1197455005
pollsys(0xFFBFEA08, 1, 0x00000000, 0x00000000)  = 1
read(4, "0401\0 r\0\0\0\0", 8)                  = 8
time()                                          = 1197455005
time()                                          = 1197455005
pollsys(0xFFBFEA08, 1, 0x00000000, 0x00000000)  = 1
read(4, "E3\00F0106 m e t a d b06".., 106)      = 106
time()                                          = 1197455005
write(1, "\n W a r n i n g :   s y".., 177)     = 177

Warning: sybase_select_db(): Sybase:  Server message:  Changed database context to 'metadb'.
 (severity 10, procedure N/A) in /usr/local/htdocs/DBConnection.cls.php on line 10
write(1, " s e l e c t   D C _ R i".., 64)      = 64
time()                                          = 1197453664
sigaction(SIGPIPE, 0xFFBFEBA0, 0xFFBFEC40)      = 0
pollsys(0xFFBFEBE8, 1, 0x00000000, 0x00000000)  = 1
write(4, "0F01\0 J\0\0\0\0 !\0\0\0".., 74)      = 74
sigaction(SIGPIPE, 0xFFBFEBA0, 0xFFBFEC40)      = 0
time()                                          = 1197453664
pollsys(0xFFBFEA08, 1, 0x00000000, 0x00000000)  = 1
read(4, "0401\0 ;\0\0\0\0", 8)                  = 8
time()                                          = 1197453664
time()                                          = 1197453664
pollsys(0xFFBFEA08, 1, 0x00000000, 0x00000000)  = 1
read(4, "EE\0 !\001\t D C _ R i g".., 51)       = 51
time()                                          = 1197453664
write(1, " s e l e c t   D C _ R i".., 64)      = 64
time()                                          = 1197453664
sigaction(SIGPIPE, 0xFFBFEBA0, 0xFFBFEC40)      = 0
pollsys(0xFFBFEBE8, 1, 0x00000000, 0x00000000)  = 1
write(4, "0F01\0 J\0\0\0\0 !\0\0\0".., 74)      = 74
sigaction(SIGPIPE, 0xFFBFEBA0, 0xFFBFEC40)      = 0
time()                                          = 1197453664
pollsys(0xFFBFEA08, 1, 0x00000000, 0x00000000)  = 1
read(4, "0401\0 W\0\0\0\0", 8)                  = 8
time()                                          = 1197453664
time()                                          = 1197453664
pollsys(0xFFBFEA08, 1, 0x00000000, 0x00000000)  = 1
read(4, "EE\0 !\001\t D C _ R i g".., 79)       = 79
time()                                          = 1197453664
    Incurred fault #6, FLTBOUNDS  %pc = 0xFEC40E48
      siginfo: SIGSEGV SEGV_MAPERR addr=0x004DE000
    Received signal #11, SIGSEGV [default]
      siginfo: SIGSEGV SEGV_MAPERR addr=0x004DE000

 [2008-11-09 10:47 UTC] thekid@php.net
I added a testcase for this bug but am currently not able to reproduce this issue. See:

http://cvs.php.net/viewvc.cgi/php-src/ext/sybase_ct/tests/bug43578.phpt?revision=1.1.2.1&view=markup&pathrev=PHP_5_3
 [2009-04-27 15:57 UTC] jani@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2009-05-05 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2010-01-15 22:27 UTC] darrick at davismedia dot org
I get the following after running the test case:

PHP Warning:  Module 'pdo_mysql' already loaded in Unknown on line 0
bool(true)
bool(true)
bool(true)
bool(true)
>>> Query: select DC_Rights from #Resource where Resource_ID = 122
<<< Return: resource
array(0) {
}
>>> Query: select DC_Rights from #Resource where Resource_ID = 123
<<< Return: resource
array(1) {
  [0]=>
  array(1) {
    ["DC_Rights"]=>
    NULL
  }
}
>>> Query: select DC_Rights from #Resource where Resource_ID = 124
Segmentation fault: 11 (core dumped)

This is on 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 10:35:36 UTC 2008     root@driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64

But I also have the same trouble on an Ubuntu box.

PHP 5.2.12 with Suhosin-Patch 0.9.7 (cli) (built: Jan  9 2010 14:15:45) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
    with eAccelerator v0.9.5.3, Copyright (c) 2004-2006 eAccelerator, by eAccelerator

tds version = 7.0 and tds_version = 8.0 both fail

Database is MSSQL Server Express Edition version 9.00.1399.06

The following patch fixes the issue but it's a hack.  I compiled php5-sybase_ct with debug enabled and the seg fault occurred at line 1208.

--- php_sybase_ct2.c	2010-01-15 14:03:13.000000000 -0800
+++ php_sybase_ct.c	2010-01-15 14:00:15.000000000 -0800
@@ -1205,6 +1205,7 @@ static int php_sybase_fetch_result_row (
 					
 					default: {
 						/* This indicates anything else, return it as string */
+                     if(result->lengths[j] < 1){result->lengths[j]=1;}
 						ZVAL_STRINGL(&result->data[i][j], result->tmp_buffer[j], result->lengths[j]- 1, 1);
 						break;
 					}
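Review bot: the guard added in the `default:` branch writes the clamped value back into `result->lengths[j]`, so the stored column length is changed as a side effect of fetching the row, and a negative length is silently treated the same as zero. Consider computing a local length instead (for example `len = result->lengths[j] > 0 ? result->lengths[j] - 1 : 0`) and passing that to `ZVAL_STRINGL`, with a comment saying that a length of 0 was seen for empty text columns. The new line is also indented with spaces and packs the braces onto one line, unlike the tab-indented lines around it.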

My guess is ct_bind is returning an indicator of -1 on some systems for text fields == '' so there is no seg fault. While on systems which seg fault the indicator from ct_bind is 0 for text fields == ''.
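
The `lengths[j] - 1` pattern from the comment above, reduced to a stand-alone C sketch that shows what a reported length of 0 turns into and a copy that guards against it. This is an added example, not code from php-src or from the commenter; `struct column` and the function names are hypothetical, and it assumes the driver-reported length is a signed int that ends up in an unsigned size parameter.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a driver-filled column. reported_len is a signed
 * count that normally includes the trailing NUL, as the "- 1" in the patch implies. */
struct column {
    const char *buf;
    int reported_len;
};

/* The size an unguarded "reported_len - 1" becomes once it is converted to an
 * unsigned size: for reported_len == 0 this is SIZE_MAX, not 0. */
size_t unguarded_copy_len(const struct column *c)
{
    return (size_t)(c->reported_len - 1);
}

/* Guarded copy: any reported_len < 1 yields an empty string, and the column's
 * stored length is left untouched. Returns a malloc'ed, NUL-terminated string
 * (caller frees) or NULL if allocation fails. */
char *copy_column(const struct column *c, size_t *out_len)
{
    size_t n = (c->reported_len > 0) ? (size_t)(c->reported_len - 1) : 0;
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    if (n > 0)
        memcpy(s, c->buf, n);
    s[n] = '\0';
    *out_len = n;
    return s;
}

int main(void)
{
    /* Constructed sample columns: a normal value and an empty text field. */
    struct column normal = { "abc", 4 };
    struct column empty = { "", 0 };
    size_t n = 0;
    char *s;

    printf("unguarded length for empty column: %zu\n", unguarded_copy_len(&empty));
    s = copy_column(&normal, &n);
    if (s) { printf("normal: \"%s\" (%zu)\n", s, n); free(s); }
    s = copy_column(&empty, &n);
    if (s) { printf("empty:  \"%s\" (%zu)\n", s, n); free(s); }
    return 0;
}
```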
 [2010-08-28 16:59 UTC] thekid@php.net
-Status: No Feedback +Status: Closed