Bug #23402 mssql_bind : Unhandled exception
Submitted: 2003-04-29 05:38 UTC Modified: 2003-05-20 19:08 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: Alla <svbevno at umailrusp dot am> Assigned:
Status: Closed Package: MSSQL related
PHP Version: 4.3.2RC2 OS: W2k
Private report: No CVE-ID: None
 [2003-04-29 05:38 UTC] Alla <svbevno at umailrusp dot am>
BUG: mssql_bind() causes memory access violation.

The second call to mssql_bind (without mssql_init) leads to memory access violation: 'memory can not be written'.
mssql_init()
mssql_bind()
mssql_execute()
mssql_bind()     // !!!!!!! CRASH !!!!!!!
mssql_execute()

==========================================================
LOCATION:

Module             : php4ts.dll, 
File               : php_mssql.c
Line               : ! CRASH ! (see below)

Cause              : zend_hash_add(..) returns NULL for the output variable 'bindp', and this is not checked in the code

Possible Fix       : add: if( NULL == bindp ) RETURN_FALSE;

Existing code source:

PHP_FUNCTION(mssql_bind)
{
  ........
  memset((void*)&bind,0,sizeof(mssql_bind));

  zend_hash_add( 
     statement->binds,
     Z_STRVAL_PP(param_name),
     Z_STRLEN_PP(param_name),
     &bind,sizeof(mssql_bind),
     (void **)&bindp );         // bindp == NULL here!

  bindp->zval = *var;           // !!!!!! CRASH !!!!!!!

  zval_add_ref(var);

  if(.....) 
  {
    ......
  }

  RETURN_TRUE;
}
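The failure mode described in the report, reduced to a stand-alone C model (an added example, not code from php_mssql.c or the Zend Engine). `bind_table`, `table_add` and `bind_param` are hypothetical stand-ins, and the model assumes the add fails because the parameter name is already bound, which matches the call sequence above.

```c
#include <stdio.h>
#include <string.h>

#define MAX_BINDS 8
#define SUCCESS 0
#define FAILURE -1

/* Hypothetical stand-ins for the extension's bind record and bind table. */
typedef struct { char name[32]; int value; int used; } bind_t;
typedef struct { bind_t slots[MAX_BINDS]; } bind_table;

/* Add-only insert: fails on a duplicate key or a full table and, on
 * failure, leaves *dest untouched (assumed behaviour, see lead-in). */
static int table_add(bind_table *t, const char *name, const bind_t *src, bind_t **dest)
{
    int i, free_slot = -1;
    for (i = 0; i < MAX_BINDS; i++) {
        if (t->slots[i].used && strcmp(t->slots[i].name, name) == 0)
            return FAILURE;                /* name is already bound */
        if (!t->slots[i].used && free_slot < 0)
            free_slot = i;
    }
    if (free_slot < 0)
        return FAILURE;                    /* table is full */
    t->slots[free_slot] = *src;
    strncpy(t->slots[free_slot].name, name, sizeof t->slots[free_slot].name - 1);
    t->slots[free_slot].name[sizeof t->slots[free_slot].name - 1] = '\0';
    t->slots[free_slot].used = 1;
    *dest = &t->slots[free_slot];
    return SUCCESS;
}

/* Bind with the check the report asks for: initialise the out pointer,
 * then test both the return code and the pointer before writing. */
static int bind_param(bind_table *t, const char *name, int value)
{
    bind_t bind, *bindp = NULL;
    memset(&bind, 0, sizeof bind);
    if (table_add(t, name, &bind, &bindp) != SUCCESS || bindp == NULL)
        return 0;                          /* the RETURN_FALSE path */
    bindp->value = value;                  /* bindp is known valid here */
    return 1;
}

int main(void)
{
    bind_table t;
    memset(&t, 0, sizeof t);
    printf("first bind:  %d\n", bind_param(&t, "@p1", 10));
    printf("second bind: %d\n", bind_param(&t, "@p1", 20)); /* rejected */
    return 0;
}
```

Without the check in `bind_param`, the second call would write through a NULL `bindp`, which is the access violation the report describes.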

 [2003-04-30 06:00 UTC] sniper@php.net
What does phpinfo() say about php version?

 [2003-04-30 10:49 UTC] Alla <svbevno at umailrusp dot am>
phpinfo()
Build Date         Apr 26 2003 18:46:51  
Server             API  CGI/FastCGI  
PHP API            20020918  
PHP Extension      20020429  
Zend Extension     20021010  
Debug Build        no  
Thread Safety      enabled  
Registered PHP     Streams  php, http, ftp, compress.zlib
 [2003-04-30 12:04 UTC] derick@php.net
This doesn't say ANYTHING about the version number. You're looking for the 4.x.x number in the top corner.


 [2003-04-30 12:16 UTC] Alla <svbevno at umailrusp dot am>
PHP version is 4.3.2-RC
 [2003-05-20 19:08 UTC] fmk@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 