php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25161 Segmentation fault executing php_sybase_query
Submitted: 2003-08-19 19:03 UTC Modified: 2003-08-26 01:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: nerijus at kis dot lt Assigned:
Status: No Feedback Package: Sybase-ct (ctlib) related
PHP Version: 4.3.3RC4 OS: 5.1-CURRENT (501105)
Private report: No CVE-ID: None
 [2003-08-19 19:03 UTC] nerijus at kis dot lt
Description:
------------
in some sql queryes i have Segmentation fault.
As i see it mey be in php sysbase_ct code or in self freedts

Reproduce code:
---------------
for (i=0; i<num_fields; i++) {
                ct_describe(sybase_ptr->cmd, i+1, &result->datafmt[i]);
                result->types[i] = result->datafmt[i].datatype;
                switch (result->datafmt[i].datatype) {
............. skip ........
                                break;
                        default:
                                result->datafmt[i].maxlength++;
                                result->numerics[i] = 0;
                                break;
                }
           result->tmp_buffer[i] = (char*)emalloc(result->datafmt[i].maxlength);


Expected result:
----------------
Normal sysbase_query() result variable

Actual result:
--------------
(gdb) bt
#0  0x2829932f in kill () from /lib/libc.so.5
#1  0x08129c7a in _emalloc (size=136172324, __zend_filename=0x0, __zend_lineno=1,
    __zend_orig_filename=0xfffffff7 <Error reading address 0xfffffff7: Bad address>,
    __zend_orig_lineno=4294867297) at /usr/ports/lang/php4/work/php-4.3.3RC4/Zend/zend_alloc.c:166
#2  0x080f324f in php_sybase_fetch_result_set (sybase_ptr=0x81dd324, buffered=0, store=0)
    at /usr/ports/lang/php4/work/php-4.3.3RC4/ext/sybase_ct/php_sybase_ct.c:1178
#3  0x080f3994 in php_sybase_query (ht=0, return_value=0x81e40e4, this_ptr=0x0, return_value_used=1,
    buffered=0) at /usr/ports/lang/php4/work/php-4.3.3RC4/ext/sybase_ct/php_sybase_ct.c:1363
#4  0x080f3cae in zif_sybase_query (ht=0, return_value=0x0, this_ptr=0x0, return_value_used=0)
    at /usr/ports/lang/php4/work/php-4.3.3RC4/ext/sybase_ct/php_sybase_ct.c:1476
#5  0x0814dbe0 in execute (op_array=0x81dd2a4)
    at /usr/ports/lang/php4/work/php-4.3.3RC4/Zend/zend_execute.c:1616
#6  0x0813c08b in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/ports/lang/php4/work/php-4.3.3RC4/Zend/zend.c:885
#7  0x08108c86 in php_execute_script (primary_file=0xbfbffb80)
    at /usr/ports/lang/php4/work/php-4.3.3RC4/main/main.c:1721
#8  0x08153e25 in main (argc=2, argv=0xbfbffbe0)
    at /usr/ports/lang/php4/work/php-4.3.3RC4/sapi/cli/php_cli.c:818
#9  0x0805f3f2 in _start ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-08-19 19:07 UTC] nerijus at kis dot lt
some fields in this loop get negative result->datafmt[i].datatype and negative result->datafmt[i].maxlength then emalloc() cound not allocate memory

p.s. sorrry from my english
 [2003-08-19 19:10 UTC] sniper@php.net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.


(and what OS is '5.1-CURRENT (501105)' anyway?)


 [2003-08-26 01:00 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 06 07:01:29 2024 UTC