Bug #27828 sybase_free_result() crashes
Submitted: 2004-04-01 15:59 UTC
Modified: 2004-07-11 18:34 UTC
Votes:17
Avg. Score:4.7 ± 0.6
Reproduced:15 of 17 (88.2%)
Same Version:7 (46.7%)
Same OS:9 (60.0%)
From: deanb at gbtn dot net
Assigned:
Status: Closed
Package: Sybase-ct (ctlib) related
PHP Version: 4CVS, 5CVS (2004-04-02)
OS: *
Private report: No
CVE-ID: None
 [2004-04-01 15:59 UTC] deanb at gbtn dot net
Description:
------------
If I use sybase_free_result() in a script, then php crashes.  The exact same code works fine in php 4.3.4.

./configure --with-sybase-ct=${SYBASE} \
   --enable-track-vars \
   --without-mysql \
   --with-apache=../apache_1.3.29 \
   --disable-dba \
   --enable-session

Reproduce code:
---------------
<?php
$db = sybase_connect("server", "user", "pass");
$res = sybase_query("select name from sysdatabases", $db);
while ($data = sybase_fetch_array($res)) {
    print "db: $data[0]\n";
}
sybase_free_result($res);
sybase_close($db);
?>

Expected result:
----------------
a list of databases with no crashes

Actual result:
--------------
> php s.php
db: master
db: model
db: sybsystemprocs
db: tempdb
Segmentation fault (core dumped)

> dbx php core
dbx version 3.11.10
Type 'help' for help.
Core file created by program "php"

signal Segmentation fault at   [_efree:241 ,0x12013e7c8]        CALCULATE_REAL_SIZE_AND_CACHE_INDEX(p->size);
(dbx) where
>  0 _efree(ptr = 0x52667250203a6264) ["/app/apps/web/php-4.3.5/Zend/zend_alloc.c":241, 0x12013e7c8]
   1 php_sybase_finish_results(result = 0x1400cd5b8) ["/app/apps/web/php-4.3.5/ext/sybase_ct/php_sybase_ct.c":1011, 0x1200e766c]
   2 zif_sybase_free_result(ht = 1, return_value = 0x1400d8298, this_ptr = (nil), return_value_used = 0) ["/app/apps/web/php-4.3.5/ext/sybase_ct/php_sybase_ct.c":1602, 0x1200e8f20]
   3 execute(op_array = 0x1400c52d8) ["/app/apps/web/php-4.3.5/Zend/zend_execute.c":1621, 0x12016fdf4]
   4 zend_execute_scripts(type = 8, retval = (nil), file_count = 3) ["/app/apps/web/php-4.3.5/Zend/zend.c":889, 0x120155be0]
   5 php_execute_script(primary_file = 0x11fffec10) ["/app/apps/web/php-4.3.5/main/main.c":1731, 0x120116d84]
   6 main(argc = 2, argv = 0x11fffef28) ["/app/apps/web/php-4.3.5/sapi/cli/php_cli.c":822, 0x1201722e4]
(dbx) up
php_sybase_finish_results:1011  efree(result->tmp_buffer[i]);
(dbx) up
zif_sybase_free_result:1602  php_sybase_finish_results(result);

 [2004-04-02 04:21 UTC] tvoigt at informatik dot tu-cottbus dot de
Hi there!

The bug is reproducible here on Debian Woody + apache-1.3.29/php >= 4.3.4RC3, too.

It was most probably introduced while fixing http://bugs.php.net/bug.php?id=26407: sybase_free_result() works properly up to php-4.3.4RC2, but not with a patched 4.3.4RC2 to solve bug #26407 (that patch then made it into 4.3.4RC3).

Well, I'm sorry for not testing sybase_free_result() afterwards, never used it before...

Best regards,
Thomas
 [2004-04-02 13:20 UTC] deanb at gbtn dot net
Nope, same crash with php4-STABLE-200404021630.
 [2004-04-07 10:46 UTC] hager at transgene dot fr
Hello,
same bug with PHP5.0.0-RC1 and the latest PHP5 snapshot PHP5-200404071230: sybase_free_result() crashes. Should I open a new bug report for PHP 5?
 [2004-04-13 09:41 UTC] r dot vanicek at seznam dot cz
It worked fine in PHP 4.3.4 and PHP 4.3.5RC2, but PHP 4.3.5 (final) is broken, and PHP 4.3.6RC3 is broken too. When sybase_free_result is called, there is a segmentation fault (my system is Debian GNU/Linux woody, Apache 1.3.26).
 [2004-04-30 10:38 UTC] michail dot bachmann at cms dot hu-berlin dot de
Hello,

this bug still exists in 4.3.6. Calling sybase_free_result crashed Apache (Solaris 8, Apache 1.3.29, Sybase 12.0).

Does anyone have a workaround/patch available?
 [2004-05-06 17:27 UTC] michail dot bachmann at cms dot hu-berlin dot de
Hello again,

A workaround for this bug is to comment out the line 1602 in php_sybase_ct.c. This function must be broken for a while, since around line 1365 someone fixed the problem the same way.

Oh, BTW PHP crashes while freeing result->tmp_buffer in line 1013. Looks like something corrupts the memory around this variable.

HTH
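
A triage check for the backtrace in the original report, as an added example that is not part of any comment in this thread or of the PHP source: it flags pointer arguments whose bytes are all printable ASCII, a sign that the pointer slot was overwritten with string data. The function names and the SAMPLE_TRACE constant are assumptions of this example; the two frames are copied from the report.

```python
import re

# Constructed sample: the first two frames of the dbx "where" output in the report.
SAMPLE_TRACE = """\
>  0 _efree(ptr = 0x52667250203a6264) ["/app/apps/web/php-4.3.5/Zend/zend_alloc.c":241, 0x12013e7c8]
   1 php_sybase_finish_results(result = 0x1400cd5b8) ["/app/apps/web/php-4.3.5/ext/sybase_ct/php_sybase_ct.c":1011, 0x1200e766c]
"""

# Frame number, function name and argument list of one dbx frame line.
FRAME_RE = re.compile(r"^\s*>?\s*(\d+)\s+(\w+)\((.*?)\)\s+\[", re.M)
# "name = 0xHEX" pairs inside the argument list.
ARG_RE = re.compile(r"(\w+) = 0x([0-9a-fA-F]+)")


def decode_if_text(value, width=8):
    """Return the value's bytes as text in both byte orders, or None.

    A heap pointer normally contains zero or non-printable bytes, so a
    value made only of printable ASCII is almost certainly string data.
    """
    if value.bit_length() > width * 8:
        return None
    raw = value.to_bytes(width, "big")
    if not all(0x20 <= b <= 0x7E for b in raw):
        return None
    return {"big": raw.decode("ascii"), "little": raw[::-1].decode("ascii")}


def suspicious_pointers(trace):
    """List (frame, function, argument, value, decoded) for text-like pointers."""
    findings = []
    for frame_no, func, args in FRAME_RE.findall(trace):
        for name, hexval in ARG_RE.findall(args):
            value = int(hexval, 16)
            decoded = decode_if_text(value)
            if decoded:
                findings.append((int(frame_no), func, name, value, decoded))
    return findings


if __name__ == "__main__":
    for frame_no, func, name, value, decoded in suspicious_pointers(SAMPLE_TRACE):
        print(f"frame {frame_no}: {func}({name} = 0x{value:x}) decodes to {decoded}")
```

For the `_efree` frame the little-endian reading is `db: PrfR`, which starts with the same `db: ` prefix the reproduce script prints, while the `result` pointer in frame 1 is not flagged.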
 [2004-05-26 15:26 UTC] ljb220 at mindspring dot com
I just tested 4.3.7RC1 and the problem is fixed (although the bug number isn't reported in NEWS). Thanks, PHP team.
 [2004-07-11 18:34 UTC] thekid@php.net
Seems to be a duplicate of #28354, which has been fixed a while ago. I'll set this to fixed.
 