php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32009 mssql_bind() causes buffer overruns & memleaks
Submitted: 2005-02-17 15:01 UTC Modified: 2005-11-18 21:42 UTC
From: tony2001 at phpclub dot net Assigned: fmk (profile)
Status: Closed Package: MSSQL related
PHP Version: 5CVS-2005-02-17 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tony2001 at phpclub dot net
New email:
PHP Version: OS:

 

 [2005-02-17 15:01 UTC] tony2001 at phpclub dot net
Description:
------------
mssql_bind() causes some buffer overruns & memleaks if you try to bind the same parameter *several times*.


Reproduce code:
---------------
<?php
$c = mssql_connect($host, $user, $passwd);
mssql_select_db($dbase);

$r = mssql_init('nonex_stored_proc'); // that doesn't mean
mssql_bind($r, "param", $param, SQLTEXT, 0, 0, 10);
mssql_bind($r, "param", $param, SQLTEXT, 0, 0, 10);

echo "Done\n";
?>

Expected result:
----------------
Done

Actual result:
--------------
[Thu Feb 17 16:18:27 2005]  Script:  '/www/index.php'
---------------------------------------
/home/dev/php-src/Zend/zend_execute.h(127) : Block 0x082C2FF0 status:
/home/dev/php-src/Zend/zend_execute.h(64) : Actual location (location was relayed)
Beginning:      OK (allocated on /home/dev/php-src/Zend/zend_vm_execute.h:157, 16 bytes)
      End:  Overflown (magic=0x082C3764 instead of 0x2A8FCC84)
            At least 4 bytes overflown
---------------------------------------
Done
/home/dev/php-src/Zend/zend_vm_execute.h(157) :  Freeing 0x082BF87C (16 bytes), script=/www/qa/tests/ext/mssql/030.php
Last leak repeated 1 time
/home/dev/php-src/Zend/zend_vm_execute.h(17922) :  Freeing 0x082C3764 (16 bytes), script=/www/qa/tests/ext/mssql/030.php
=== Total 3 memory leaks detected ===

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-11-18 21:42 UTC] fmk@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Oct 13 19:01:27 2024 UTC