php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27828 sybase_free_result() crashes
Submitted: 2004-04-01 15:59 UTC Modified: 2004-07-11 18:34 UTC
Votes:17
Avg. Score:4.7 ± 0.6
Reproduced:15 of 17 (88.2%)
Same Version:7 (46.7%)
Same OS:9 (60.0%)
From: deanb at gbtn dot net Assigned:
Status: Closed Package: Sybase-ct (ctlib) related
PHP Version: 4CVS, 5CVS (2004-04-02) OS: *
Private report: No CVE-ID: None
 [2004-04-01 15:59 UTC] deanb at gbtn dot net
Description:
------------
If I use sybase_free_result() in a script, then php crashes.  The exact same code works fine in php 4.3.4.

./configure  --with-sybase-ct=${SYBASE}
   --enable-track-vars 
   --without-mysql 
   --with-apache=../apache_1.3.29
   --disable-dba 
   --enable-session 

Reproduce code:
---------------
<?php
$db = sybase_connect("server", "user", "pass");
$res = sybase_query("select name from sysdatabases", $db);
while ($data = sybase_fetch_array($res)) {
        print "db: $data[0]\n";
        }
sybase_free_result($res);
sybase_close($db);
?>

Expected result:
----------------
a list of databases with no crashes

Actual result:
--------------
> php s.php
db: master
db: model
db: sybsystemprocs
db: tempdb
Segmentation fault (core dumped)

> dbx php core
dbx version 3.11.10
Type 'help' for help.
Core file created by program "php"

signal Segmentation fault at   [_efree:241 ,0x12013e7c8]        CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(dbx) where
>  0 _efree(ptr = 0x52667250203a6264) ["/app/apps/web/php-4.3.5/Zend/zend_alloc.c":241, 0x12013e7c8]
   1 php_sybase_finish_results(result = 0x1400cd5b8) ["/app/apps/web/php-4.3.5/ext/sybase_ct/php_sybase_ct.c":1011, 0x1200e766c]
   2 zif_sybase_free_result(ht = 1, return_value = 0x1400d8298, this_ptr = (nil), return_value_used = 0) ["/app/apps/web/php-4.3.5/ext/sybase_ct/php_sybase_ct.c":1602, 0x1200e8f20]
   3 execute(op_array = 0x1400c52d8) ["/app/apps/web/php-4.3.5/Zend/zend_execute.c":1621, 0x12016fdf4]
   4 zend_execute_scripts(type = 8, retval = (nil), file_count = 3) ["/app/apps/web/php-4.3.5/Zend/zend.c":889, 0x120155be0]
   5 php_execute_script(primary_file = 0x11fffec10) ["/app/apps/web/php-4.3.5/main/main.c":1731, 0x120116d84]
   6 main(argc = 2, argv = 0x11fffef28) ["/app/apps/web/php-4.3.5/sapi/cli/php_cli.c":822, 0x1201722e4]
(dbx) up
php_sybase_finish_results:1011  efree(result->tmp_buffer[i]);
(dbx) up
zif_sybase_free_result:1602  php_sybase_finish_results(result);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-04-02 04:21 UTC] tvoigt at informatik dot tu-cottbus dot de
Hi there!

The bug ist reproducible here on Debian Woody + apache-1.3.29/php >= 4.3.4RC3, too. 

It was most probably introduced while fixing http://bugs.php.net/bug.php?id=26407: sybase_free_result() works properly up to php-4.3.4RC2, but not with a patched 4.3.4RC2 to solve bug #26407 (that patch then made it into 4.3.4RC3).

Well, I'm sorry for not testing sybase_free_result() afterwards, never used it before...

Best regards,
Thomas
 [2004-04-02 13:20 UTC] deanb at gbtn dot net
Nope, same crash with php4-STABLE-200404021630.
 [2004-04-07 10:46 UTC] hager at transgene dot fr
Hello,
same bug with PHP5.0.0-RC1 and the latest PHP5 snapshot PHP5-200404071230 : sybase_free_result() crashes. Should I open a new bug report for PHP 5 ?
 [2004-04-13 09:41 UTC] r dot vanicek at seznam dot cz
It worked fine in PHP 4.3.4 and PHP 4.3.5RC2, but PHP 4.3.5 (final) is broken, and PHP 4.3.6RC3 is broken too. When sybase_free_result is called, there is segmentation fault (my system is Debian GNU/Linux woody, Apache 1.3.26).
 [2004-04-30 10:38 UTC] michail dot bachmann at cms dot hu-berlin dot de
Hello,

this bug still exists in 4.3.6. Calling sybase_free_result crashed Apache (Solaris 8, Apache 1.3.29, Sybase 12.0)

Does anyone has a workaround/patch available?
 [2004-05-06 17:27 UTC] michail dot bachmann at cms dot hu-berlin dot de
Hello again,

A workaround for this bug is to comment out the line 1602 in php_sybase_ct.c. This function must be broken for a while, since around line 1365 someone fixed the problem the same way.

Oh, BTW PHP crashes while freeing result->tmp_buffer in line 1013. Looks like something corrupts the memory around this variable.

HTH
 [2004-05-26 15:26 UTC] ljb220 at mindspring dot com
I just tested 4.3.7RC1 and the problem is fixed (although the bug number isn't reported in NEWS). Thanks, PHP team.
 [2004-07-11 18:34 UTC] thekid@php.net
Seems to be a duplicate of #28354, which has been fixed a while ago. I'll set this to fixed.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 12 23:01:36 2024 UTC