PHP :: Bug #45373 :: php crash on query with errors in params

Bug #45373	php crash on query with errors in params
Submitted:	2008-06-27 06:36 UTC	Modified:	2008-10-06 15:09 UTC
From:	max_wer at ukr dot net	Assigned:	felipe (profile)
Status:	Closed	Package:	InterBase related
PHP Version:	5.2.6	OS:	Windows XP SP2
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	max_wer at ukr dot net
New email:
PHP Version:		OS:

New Comment:

[2008-06-27 06:36 UTC] max_wer at ukr dot net

Description:
------------
php crash
where 
  count(params in ibase_execute()) > count(params in SQL-string) and
  query-type is not SELECT


Reproduce code:
---------------
$db  = ibase_connect('127.0.0.1:employee','sysdba','masterkey');
$sql = 
"update country set   currency = ? where country  = ? returning country, currency";/**/
/*"select * from  country where country = ? and currency = ?"; /**/

$t   = ibase_trans(IBASE_WRITE);
$q   = ibase_prepare($db,$t,$sql);
$r   = ibase_execute($q,'USA','Dollar'/*!!!With three param SELECT-OK UPDATE-CRASH*/ ,0/**/);

ibase_rollback($t);
ibase_close($db);

Expected result:
----------------
must be error message

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-07-01 06:27 UTC] lester at lsces dot co dot uk

I can confirm this is happening, but I also get a crash with the select rather than just update.
Unable to modify the SQL 'NOT' to give a crash - which is what I would probably expect since only the number of parameters matter not how they are used.
Firebird 2.0 and PHP5.2.5

[2008-07-01 09:24 UTC] max_wer at ukr dot net

I beg pardon. I was, probably, inattentive. SELECT query PHP crash too.
PHP 5.2.6 FIREBIRD 2.1.0

[2008-10-04 22:54 UTC] felipe@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2008-10-06 08:35 UTC] max_wer at ukr dot net

SEE http://andryg.sumy.ua/musor/bug_45373.htm (this report - HTML version)

Thread 0 - System ID 3920
Entry point   php+2fc2 
Create time   06.10.2008 10:44:32 
Time spent in user mode   0 Days 0:0:0.15 
Time spent in kernel mode   0 Days 0:0:0.46 






Function     Arg 1     Arg 2     Arg 3   Source 
php_interbase+3bfc     00000000     102c169c     00000008    
php5ts!php_error_docref0+23     00000000     00000000     00000000    




PHP_INTERBASE+3BFCWARNING - DebugDiag was not able to locate debug symbols for php_interbase.dll, so the information below may be incomplete.



In php__PID__3320__Date__10_06_2008__Time_10_44_43AM__679__Second_Chance_Exception_C0000005.dmp the assembly instruction at php_interbase+3bfc in d:\http\bin\php526\ext\php_interbase.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000004 on thread 0

Module Information 
Image Name: d:\http\bin\php526\ext\php_interbase.dll   Symbol Type:  Export 
Base address: 0x01a40000   Time Stamp:  Sat May 03 01:02:36 2008  
Checksum: 0x00000000   Comments:  Thanks to Jouni Ahto, Andrew Avdeev, Ard Biesheuvel 
COM DLL: False   Company Name:  The PHP Group 
ISAPIExtension: False   File Description:  InterBase 
ISAPIFilter: False   File Version:  5.2.6.6 
Managed DLL: False   Internal Name:  php_interbase.dll 
VB DLL: False   Legal Copyright:  Copyright ? 1997-2007 The PHP Group 
Loaded Image Name:  php_interbase.dll   Legal Trademarks:  PHP 
Mapped Image Name:  d:\http\bin\php526\ext\php_interbase.dll   Original filename:  php_interbase.dll 
Module name:  php_interbase   Private Build:   
Single Threaded:  False   Product Name:  PHP php_interbase.dll 
Module Size:  68,00 KBytes   Product Version:  5.2.6 
Symbol File Name:  php_interbase.dll   Special Build:  &

[2008-10-06 15:09 UTC] felipe@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2, 5.3 and HEAD.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 13:01:29 2024 UTC