php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #12339 Seg Fault in PHP under 2k /w ODBC and Globals (apparently)...
Submitted: 2001-07-24 10:20 UTC Modified: 2002-02-15 12:26 UTC
From: nlange at usb dot com Assigned:
Status: No Feedback Package: ODBC related
PHP Version: 4.0.6 OS: Win2k
Private report: No CVE-ID: None
 [2001-07-24 10:20 UTC] nlange at usb dot com
All right, this is a rough one to report as I only have vagure ideas as to what's going on ... but it really sucks either way. 

the function call...

report($queryusa,$uasusa_trans,$uasusa_style,"User does not have access to any systems",sizeof($uasusa_trans)*2,0,"System Access");

the function 

function report($query, $tarray,$sarray, $empty_msg,$total,$is_last = 0, $zhead="")

The crash

the overwrite (I'm convinced it's an overwrite because EIP is 0x00d72f10 and memory is the same value, and a rudimentary jump (albeit confusedly)into msdev vdebug showed something similar)
happens at the call to odbc prepare...

$sh = odbc_prepare($DBH,$query) or die (odbc_errormsg().$query);

the odbc_connect looks like
$DBH = odbc_connect($GLOBALS['DSN'],$GLOBALS['DSN_USER'],$GLOBALS['DSN_PW']) or die (odbc_errormsg());

as it stands now I am under a deadline so I can't dig too deep (I have to find a workaround) ,but I'll follow up  with any supplemental material I can..
oh, ODBC Driver is Tandem NONStop..

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-07-24 10:31 UTC] andy@php.net
could you send in a short, yet more complete script than what
you have given us now.
 [2001-07-24 10:47 UTC] nlange at usb dot com
Sigh...
I'm not so sure it's with globals anymore, I just knowit's with ODBC
I had this problem once before and ended up re-writing and inlining all my code to get it go away. (side note, php cvs build for win2k from php4win project (approaching 4.0.7 release) exhibited the same problem)
this particular file is also the only one to crash out of all the php files.. what makes it unique is the rather long subroutine
but I've gotten a stack trace and some more information
it dies with the following
<b>Fatal error</b>:  Call to undefined function:  () in <b>C:\dev\isis\web\view_
user_info.php</b> on line <b>39</b><br>
and it's 0Xc00000005, typically a buffer issue...
01222f10()
ODBC32! 1f7d792e()
ODBC32! 1f7d7866()
PHP4TS! 100026a9()
PHP! 00401a43()
PHP! 0040207b()
KERNEL32! 77e97d08()

echo's removed, but assignments left in to give a general idea what's going on...

Offending Trimmed Code
----------------------
        function report($query, $tarray,$sarray, $empty_msg,$total,$is_last = 0, $zhead="")
        {
              $dmy = sizeof($tarray); //dummy var
              $elem_colspan = ((($total-($total%$dmy))/$dmy) == 1)?"":"COLSPAN =\"".(($total-($total%$dmy))/$dmy)."\"";
              //header on table 1
              if (strlen($zhead)>0)
              {
                  $CLASS = "CLASS=\"".$sarray['Header']['Class']."\""; 
                  $STYLE = "STYLE=\"".$sarray['Header']['Style']."\"";
                  
              }
              foreach ($tarray as $header => $tname)
              {
                    $CLASS = ($sarray[$header]['THClass'] != '')?"CLASS=\"".$sarray[$header]['THClass']."\"":"CLASS=\"sort\"";
                    $STYLE = ($sarray[$header]['THStyle'] != '')?"STYLE=\"".$sarray[$header]['THStyle']."\"":"";
              }
              echo "</TR>\n";
              $DBHX = odbc_connect("QUAL7000","QUAL_RPT","QUALRPT") or die (odbc_errormsg());
/**********************
Dies Here 
*************************/
              $sh = odbc_prepare($DBHX,$query) or die (odbc_errormsg().$query);
              odbc_execute($sh) or die (odbc_errormsg());
              $rownum = 0;
              while(odbc_fetch_into($sh,$rownum,$rez))
              {
              	    $trim_row($rez);
                    reset($rez);
                    foreach ($tarray as $header => $s)
                    {
                            $CLASS = ($sarray[$header]['TDClass'] != '')?"CLASS=\"".$sarray[$header]['TDClass']."\"":"CLASS=\"main\"";
                            $STYLE = ($sarray[$header]['TDStyle'] != '')?"STYLE=\"".$sarray[$header]['TDStyle']." $x\"":"STYLE=\"$x\"";
                            next($rez);
                    }
              }
              if (odbc_num_rows($sh) == 0)
              {
                    $c = 0;
                    foreach ($tarray as $header => $s)
                    {
                            $CLASS = ($sarray[$header]['TDClass'] != '')?"CLASS=\"".$sarray[$header]['TDClass']."\"":"CLASS=\"main\"";
                            $STYLE = ($sarray[$header]['TDStyle'] != '')?"STYLE=\"".$sarray[$header]['TDStyle']." $x\"":"STYLE=\"$x\"";
                            if ((++$c) < sizeof($tarray))
                            {
                            }
                            else
                            {
                            }
                    }
                    echo '</TR>';
              }

              odbc_free_result($sh);
              odbc_close($DBHX);
        }

   report($queryuso,$uasuso_trans,$uasuso_style,"User does not have access to any objects",sizeof($uasusa_trans)*2,1,"Object Access");
   
 [2001-07-24 10:49 UTC] nlange at usb dot com
Ok... 
Changing the connect to a pconnect, removing the out db connection (which was closed via odbc_close())
solves the problem.. so what exactly is going on I don't know...
nick
 [2001-08-20 12:04 UTC] sniper@php.net
status -> open.

 [2002-01-21 09:19 UTC] kalowsky@php.net
Please try the latest release.  There have been a couple bug fixes in it regarding windows releases.
 [2002-02-15 12:26 UTC] kalowsky@php.net
No feedback was provided for this bug, so it is being suspended.
If you are able to provide the information that was requested,
please do so and change the status of the bug back to "Open".


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC