php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32009 mssql_bind() causes buffer overruns & memleaks
Submitted: 2005-02-17 15:01 UTC Modified: 2005-11-18 21:42 UTC
From: tony2001 at phpclub dot net Assigned: fmk
Status: Closed Package: MSSQL related
PHP Version: 5CVS-2005-02-17 OS: Linux
Private report: No CVE-ID:
 [2005-02-17 15:01 UTC] tony2001 at phpclub dot net
Description:
------------
mssql_bind() causes some buffer overruns & memleaks if you try to bind the same parameter *several times*.


Reproduce code:
---------------
<?php
$c = mssql_connect($host, $user, $passwd);
mssql_select_db($dbase);

$r = mssql_init('nonex_stored_proc'); // that doesn't mean
mssql_bind($r, "param", $param, SQLTEXT, 0, 0, 10);
mssql_bind($r, "param", $param, SQLTEXT, 0, 0, 10);

echo "Done\n";
?>

Expected result:
----------------
Done

Actual result:
--------------
[Thu Feb 17 16:18:27 2005]  Script:  '/www/index.php'
---------------------------------------
/home/dev/php-src/Zend/zend_execute.h(127) : Block 0x082C2FF0 status:
/home/dev/php-src/Zend/zend_execute.h(64) : Actual location (location was relayed)
Beginning:      OK (allocated on /home/dev/php-src/Zend/zend_vm_execute.h:157, 16 bytes)
      End:  Overflown (magic=0x082C3764 instead of 0x2A8FCC84)
            At least 4 bytes overflown
---------------------------------------
Done
/home/dev/php-src/Zend/zend_vm_execute.h(157) :  Freeing 0x082BF87C (16 bytes), script=/www/qa/tests/ext/mssql/030.php
Last leak repeated 1 time
/home/dev/php-src/Zend/zend_vm_execute.h(17922) :  Freeing 0x082C3764 (16 bytes), script=/www/qa/tests/ext/mssql/030.php
=== Total 3 memory leaks detected ===

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-11-18 21:42 UTC] fmk@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Mon Apr 21 12:02:07 2014 UTC