php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #23402 mssql_bind : Unhandled exception
Submitted: 2003-04-29 05:38 UTC Modified: 2003-05-20 19:08 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: Alla <svbevno at umailrusp dot am> Assigned:
Status: Closed Package: MSSQL related
PHP Version: 4.3.2RC2 OS: W2k
Private report: No CVE-ID:
 [2003-04-29 05:38 UTC] Alla <svbevno at umailrusp dot am>
BUG: mssql_bind() causes memory access violation.

The second call to mssql_bind (without mssql_init) leads to memory access violation: 'memory can not be written'.
mssql_init()
mssql_bind()
mssql_execute()
mssql_bind()     // !!!!!!! CRASH !!!!!!!
mssql_execute()

==========================================================
LOCATION:

Module             : php4ts.dll, 
File               : php_mssql.c
Line               : ! CRASH ! (see below)

Cause              : zend_hash_add(..) return NULL for the output variable 'bindp', and this is not checked in the code

Possible Fix       : add: if( NULL == bindp ) RETURN_FALSE;

Existing code source:

PHP_FUNCTION(mssql_bind)
{
  ........
  memset((void*)&bind,0,sizeof(mssql_bind));

  zend_hash_add( 
     statement->binds,
     Z_STRVAL_PP(param_name),
     Z_STRLEN_PP(param_name),
     &bind,sizeof(mssql_bind),
     (void **)&bindp );         // bindp == NULL here!

  bindp->zval = *var;           // !!!!!! CRASH !!!!!!!

  zval_add_ref(var);

  if(.....) 
  {
    ......
  }

  RETURN_TRUE;
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-04-30 06:00 UTC] sniper@php.net
What does phpinfo() say about php version?

 [2003-04-30 10:49 UTC] Alla <svbevno at umailrusp dot am>
phpinfo()
Build Date         Apr 26 2003 18:46:51  
Server             API  CGI/FastCGI  
PHP API            20020918  
PHP Extension      20020429  
Zend Extension     20021010  
Debug Build        no  
Thread Safety      enabled  
Registered PHP     Streams  php, http, ftp, compress.zlib
 [2003-04-30 12:04 UTC] derick@php.net
This doesn't say ANYTHING about the version number. You're looking for the 4.x.x number in the top corner.


 [2003-04-30 12:16 UTC] Alla <svbevno at umailrusp dot am>
PHP version is 4.3.2-RC
 [2003-05-20 19:08 UTC] fmk@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 22:02:05 2014 UTC