php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #17173 "case" causes AV
Submitted: 2002-05-13 03:51 UTC Modified: 2003-08-17 15:24 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: mbretter at jawa dot at Assigned:
Status: Wont fix Package: COM related
PHP Version: 4.3.3RC4-dev OS: win32
Private report: No CVE-ID: None
 [2002-05-13 03:51 UTC] mbretter at jawa dot at
This script let php crash.
The Problem is the case-statement in the convert_field_crash-function, but with an If-statement this crash doesen't occur.

<?php

define('adDBTimeStamp', 135);

$conn = new COM( "ADODB.Connection" );

$rs = new COM( "ADODB.Recordset" );
$conn->Provider = 'SQLOLEDB';
$conn->Open( "Server=wincubix;Uid=oebb;Pwd=oebb;Database=cubix" );
@$rs->Open( "SELECT * FROM news ", $conn);

echo '<table>';
while (!$rs->EOF) {
	echo '<tr>';
    for ($i=0; $i < $rs->Fields->Count(); $i++) {
   		echo '<td>';
		echo convert_field_crash($rs->Fields[$i]);
   		echo '</td>';
    }
	echo '</tr>';
    $rs->MoveNext();
}
echo '</table>';

$rs->Close;
$conn->Close;

$rs->Release();
$rs = null;

$conn->Release();
$conn = null;

function convert_field($field) {
	if ($field->type == adDBTimeStamp) {
		if (empty($field->Value)) return '';
		return strftime('%Y-%m-%d %T', $field->value);
	} else {
		return $field->Value;
	}
}

function convert_field_crash($field) {
	// case verursacht AV
	switch($field->type) {
		case adDBTimeStamp:
			return strftime('%Y-%m-%d %T', $field->value);
			break;
		default:
			return $field->Value;
	}
}

?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-05-13 04:38 UTC] mfischer@php.net
There have been a few changes to the COM extension since the 4.1.2 release. Please try a new version or even a snapshot from http://bugs.php.net/?id=17173&edit=1
 [2002-05-13 09:44 UTC] mbretter at jawa dot at
The AV still exists, 
I tried the latest Snapshot from snaps.php.net
 [2002-05-30 08:55 UTC] phanto@php.net
what is the correspondent value and datatype in the db that causes the crash ?
checking for empty will always result in TRUE because 'value' is not an actual property but only an overloaded action that calls com_propget() so empty() doesn't see it as property (i assume strftime() never gets called in your script).
 [2002-05-30 19:40 UTC] phanto@php.net
please can you verify this with a recent cvs snapshot
 [2002-06-12 14:13 UTC] mbretter at inode dot at
Now I had the chance to try it with latest php (11.06.2002).

Now the System doesen't crash, instead the php-process hangs, also the max_execution_time doesen't end the php-process.
 [2002-06-13 09:17 UTC] mbretter at inode dot at
also this lets php hang:(Assigning a Connection to a Recordset)

$conn = new COM( "ADODB.Connection" );

$rs = new COM( "ADODB.Recordset" );
$rs2 = new COM( "ADODB.Recordset" );
$conn->Provider = 'SQLOLEDB';
$conn->Open( "Server=wincubix;Uid=oebb;Pwd=oebb;Database=cubix" );

$rs2->Connection = $conn;
@$rs->Open( "SELECT * FROM news ", $conn);
 [2002-08-05 19:44 UTC] phanto@php.net
the crash caused by your second script is fixed now. actually it was caused by an error in your script as the right property is ->ActiveConnection and not ->Connection and there was a NULL pointer reference in the error handler function :)
the first bug is a bug in the engine, thus i'll reclassify the bugreport.
 [2002-08-05 19:48 UTC] phanto@php.net
reclassify:

switch($obj->prop) {..} does not work on overloaded objects, a NULL zval is passed as the property_reference parameter to the get_property handler.

here is a short sample script:

$field = new variant("huh");
convert_field($field);

function convert_field($field) {
	$tmp = $field->type;
	switch($tmp) {
		case 123:
			break;
		default:
			return $field->value;
	}
}

function convert_field_crash($field) {
	switch($field->type) {
		case 123:
			break;
		default:
			return $field->value;
	}
}
 [2003-02-08 00:48 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

Wrong PHP version string caused this bug to get lost..

 [2003-04-04 03:51 UTC] mbretter@php.net
The problem isn't solved, I tried it with PHP4.3.2RC1 and the original example lets PHP crash.

The second example by Phanto works now.
 [2003-04-11 05:44 UTC] webmaster at starbike dot com
Same here.
I'm using 4.3.1 on the server and on my dev machine.
It hangs on the server when calling

$conn = new COM("ADODB.Connection");

On my dev machine it works.
Only difference is, that is have ADO 2.5 on my dev machine
and ADO 2.7 on the server.
So the new 2.7 seems to cause problems.
 [2003-07-25 04:32 UTC] mbretter at jawa dot at
still the same => segfault
 [2003-08-17 15:24 UTC] iliaa@php.net
The com extension has been completely rewritten in PHP5 and the PHP4 com extension is no longer being maintained. If you find bugs with the com extension in PHP5 please report them.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 05:01:30 2024 UTC