Bug #37527 Crash - odbc_exec on closed pconnect
Submitted: 2006-05-19 20:06 UTC
Modified: 2009-02-17 18:05 UTC
Votes: 1
Avg. Score: 3.0 ± 0.0
Reproduced: 0 of 0 (0.0%)
From: bhines at alumni dot ucsd dot edu
Assigned:
Status: Open
Package: ODBC related
PHP Version: 5.3.0beta1
OS: Windows XP
Private report: No
CVE-ID:

 [2006-05-19 20:06 UTC] bhines at alumni dot ucsd dot edu
Description:
------------
PHP crashes if I connect to a closed ODBC pconnect.  I know this is very bad code below, but PHP should probably not crash.

I reproed this with both 5.1.4 and today's 5.2 snapshot.


Reproduce code:
---------------
<?php
$mydb = NULL; 
printPage();
function pdb_Connect()
{
    global $mydb;
    if($mydb == NULL)
    {  /* To repro, you need to supply a valid DSN and user/pass here. Only crashes with pconnect here, not connect. */
        $mydb = odbc_pconnect("YourDSN", "YourUser", "YourPass", SQL_CUR_USE_ODBC) or die(odbc_errormsg());
    }
    return $mydb;
}
function printPage()
{                
  $mydb = pdb_Connect();
  odbc_close($mydb);
  print "Possibly Crashing now... ";
  $results = odbc_exec($mydb, 'SELECT * FROM _PDB_Access');  
}
?>

Expected result:
----------------
With warnings on, I'd expect something like:

Possibly Crashing now...
Warning: odbc_exec(): supplied argument is not a valid ODBC-Link resource in d:\inetpub\wwwroot\include\test\testcrash.php on line 20

Actual result:
--------------
Possibly Crashing now... PHP has encountered an Access Violation at 7C901010

History

 [2006-05-20 21:44 UTC] bhines at alumni dot ucsd dot edu
odbc32.dll!74355a16() 	
 	odbc32.dll!7432139f() 	
 	odbc32.dll!74322c5d() 	
 	odbc32.dll!74325fa0() 	
 	odbc32.dll!7432740e() 	
 	php5ts.dll!zif_odbc_exec(int ht=17437576, _zval_struct * return_value=0x010af6f0, _zval_struct * * return_value_ptr=0x00000000, _zval_struct * this_ptr=0x00000000, int return_value_used=1, void * * * tsrm_ls=0x00032608)  Line 1285	C
 	php5ts.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * execute_data=0x00c0fae8, void * * * tsrm_ls=0x00032608)  Line 200 + 0x35	C
 	php5ts.dll!ZEND_DO_FCALL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data=0x00000000, void * * * tsrm_ls=0x00032608)  Line 1644 + 0xe	C
 	php5ts.dll!execute(_zend_op_array * op_array=0x00000000, void * * * tsrm_ls=0x010abb40)  Line 92 + 0xc	C
 	php5ts.dll!_efree(void * ptr=0x011d5f60)  Line 275 + 0xc	C
 	php5ts.dll!zend_llist_del_element(_zend_llist * l=0x010ad080, void * element=0x00032608, int (void *, void *)* compare=0x00000000)  Line 99 + 0x5	C
 	php5ts.dll!zend_execute_scripts(int type=2009252809, void * * * tsrm_ls=0x00030000, _zval_struct * * retval=0x00000000, int file_count=2009252814, ...)  Line 1100	C
 	ntdll.dll!7c9106eb() 	
 	msvcrt.dll!77c2c3ce() 	
 	msvcrt.dll!77c2c3e7() 	
 	msvcrt.dll!77c2c42e() 	
 	php5ts.dll!_zend_hash_add_or_update(_hashtable * ht=0x0000000d, char * arKey=0x010abb30, unsigned int nKeyLength=268473042, void * pData=0x00000000, unsigned int nDataSize=206344, void * * pDest=0x010abb18, int flag=268473024)  Line 248 + 0x2e	C
 	php5ts.dll!ts_resource_ex(int id=12648368, unsigned long * th_id=0x00000000)  Line 331	C
 	php5ts.dll!php_execute_script(_zend_file_handle * primary_file=0x00c0fedc, void * * * tsrm_ls=0x00032608)  Line 1682 + 0x31	C
 	php.exe!main(int argc=2, char * * argv=0x000325c8)  Line 1094	C
 	php.exe!_mainCRTStartup()  + 0xe3	
 	kernel32.dll!7c816d4f() 	
 	kernel32.dll!7c8399f3()
 [2006-09-29 23:22 UTC] bhines at alumni dot ucsd dot edu
Still occurs in 5.1.6
 [2007-09-25 13:21 UTC] alexandra at zend dot com
Hi

There is a simple work-around to make this script work - there is a problem with the fact that you declared the $mydb var global in one function but not the other.
You can change the printPage() function to solve this issue.

function printPage()
{
    global $mydb;
    $mydb = pdb_Connect();
    odbc_close($mydb);
    print "Possibly Crashing now... ";
    $results = odbc_exec($mydb, 'SELECT * FROM _PDB_Access');
}
 [2008-02-17 17:22 UTC] felipe@php.net
Possible fix:
http://felipe.ath.cx/diff/bug37527.diff
 [2008-10-21 11:38 UTC] jani@php.net
Was that fix applied? Does this bug exist in PHP_5_2 branch still? If so, please update the version.
 [2008-10-21 22:32 UTC] felipe@php.net
Well, I can't reproduce it.
 [2009-02-17 17:53 UTC] paul at quakenet dot org
Felipe, 

I can reproduce this (5.3 branch) and the patch attached doesn't 
appear to fix this issue.

This issue only seems to occur when returning $mydb. If the 
odbc_pconnect is moved outside of pdb_Connect or the code function 
definition is changed to function &pdb_Connect(), the issue does not 
occur.

With:
  $mydb = pdb_Connect();
  odbc_close_all();
  var_dump($mydb);
Output is: resource(5) of type (odbc link persistent)

Changing the code to not return $mydb e.g. call odbc_pconnect within 
printPage, result of the var_dump is: resource(5) of type (Unknown)
 [2009-02-17 18:05 UTC] bhines at alumni dot ucsd dot edu
updated version.
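
An application-side guard for the call order in this report, as an added example that is not part of the bug report or of PHP itself. The 2009-02-17 comment shows the returned handle still reporting type "odbc link persistent" after odbc_close_all(), so the wrapper tracks closure itself instead of inspecting the handle. GuardedOdbcLink is a hypothetical class name, and the DSN, user and password are the placeholders from the reproduce code.

```php
<?php
// Added example: userland guard, not PHP's own fix for bug #37527.
// GuardedOdbcLink is a hypothetical name; supply a valid DSN/user/pass to run it.
final class GuardedOdbcLink
{
    private $link;            // handle returned by odbc_pconnect()
    private $closed = false;  // tracked here; the handle's reported type is not trusted

    public function __construct($dsn, $user, $pass)
    {
        $link = odbc_pconnect($dsn, $user, $pass, SQL_CUR_USE_ODBC);
        if ($link === false) {
            throw new RuntimeException('ODBC connect failed: ' . odbc_errormsg());
        }
        $this->link = $link;
    }

    public function close()
    {
        if (!$this->closed) {       // a second close never reaches the driver
            odbc_close($this->link);
            $this->link = null;     // drop our copy so it cannot be reused
            $this->closed = true;
        }
    }

    public function exec($sql)
    {
        if ($this->closed) {
            // Fail in PHP code instead of passing a closed link to odbc_exec().
            throw new LogicException('ODBC link already closed; refusing odbc_exec()');
        }
        $result = odbc_exec($this->link, $sql);
        if ($result === false) {
            throw new RuntimeException('Query failed: ' . odbc_errormsg($this->link));
        }
        return $result;
    }
}

// Same call order as the reproduce code; the last step raises an exception instead.
$db = new GuardedOdbcLink('YourDSN', 'YourUser', 'YourPass');
$db->close();
try {
    $db->exec('SELECT * FROM _PDB_Access');
} catch (LogicException $e) {
    print 'Blocked: ' . $e->getMessage() . "\n";
}
```

Calling odbc_close_all() directly bypasses the wrapper, so the guard only covers code paths that close links through it.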
 
Last updated: Mon Apr 21 00:02:04 2014 UTC