|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37527 Crash - odbc_exec on closed pconnect
Submitted: 2006-05-19 20:06 UTC Modified: 2015-04-11 13:04 UTC
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: bhines at alumni dot ucsd dot edu Assigned: cmb
Status: Closed Package: ODBC related
PHP Version: 5.3.0beta1 OS: Windows XP
Private report: No CVE-ID:
 [2006-05-19 20:06 UTC] bhines at alumni dot ucsd dot edu
php crashes if i connect to a closed ODBC pconnect.  I know this is very bad code below, but php should probably not crash.

I reproed this with both 5.1.4 and today's 5.2 snapshot.

Reproduce code:
$mydb = NULL; 
function pdb_Connect()
    global $mydb;
    if($mydb == NULL)
    {  /* To repro, you need to supply a valid DSN and user/pass here. Only crashes with pconnect here, not connect. */                                                                           
      $mydb = odbc_pconnect("YourDSN", "YourUser", "YourPass", SQL_CUR_USE_ODBC) or die(odbc_errormsg() ); 
    return $mydb;
function printPage()
  $mydb = pdb_Connect();
  print "Possibly Crashing now... ";
  $results = odbc_exec($mydb, 'SELECT * FROM _PDB_Access');  

Expected result:
With warnings on, i'd expect something like:

Possibly Crashing now...
Warning: odbc_exec(): supplied argument is not a valid ODBC-Link resource in d:\inetpub\wwwroot\include\test\testcrash.php on line 20

Actual result:
Possibly Crashing now... PHP has encountered an Access Violation at 7C901010


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-20 21:44 UTC] bhines at alumni dot ucsd dot edu
 	php5ts.dll!zif_odbc_exec(int ht=17437576, _zval_struct * return_value=0x010af6f0, _zval_struct * * return_value_ptr=0x00000000, _zval_struct * this_ptr=0x00000000, int return_value_used=1, void * * * tsrm_ls=0x00032608)  Line 1285	C
 	php5ts.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * execute_data=0x00c0fae8, void * * * tsrm_ls=0x00032608)  Line 200 + 0x35	C
 	php5ts.dll!ZEND_DO_FCALL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data=0x00000000, void * * * tsrm_ls=0x00032608)  Line 1644 + 0xe	C
 	php5ts.dll!execute(_zend_op_array * op_array=0x00000000, void * * * tsrm_ls=0x010abb40)  Line 92 + 0xc	C
 	php5ts.dll!_efree(void * ptr=0x011d5f60)  Line 275 + 0xc	C
 	php5ts.dll!zend_llist_del_element(_zend_llist * l=0x010ad080, void * element=0x00032608, int (void *, void *)* compare=0x00000000)  Line 99 + 0x5	C
 	php5ts.dll!zend_execute_scripts(int type=2009252809, void * * * tsrm_ls=0x00030000, _zval_struct * * retval=0x00000000, int file_count=2009252814, ...)  Line 1100	C
 	php5ts.dll!_zend_hash_add_or_update(_hashtable * ht=0x0000000d, char * arKey=0x010abb30, unsigned int nKeyLength=268473042, void * pData=0x00000000, unsigned int nDataSize=206344, void * * pDest=0x010abb18, int flag=268473024)  Line 248 + 0x2e	C
 	php5ts.dll!ts_resource_ex(int id=12648368, unsigned long * th_id=0x00000000)  Line 331	C
 	php5ts.dll!php_execute_script(_zend_file_handle * primary_file=0x00c0fedc, void * * * tsrm_ls=0x00032608)  Line 1682 + 0x31	C
 	php.exe!main(int argc=2, char * * argv=0x000325c8)  Line 1094	C
 	php.exe!_mainCRTStartup()  + 0xe3	
 [2006-09-29 23:22 UTC] bhines at alumni dot ucsd dot edu
Still occurs in 5.1.6
 [2007-09-25 13:21 UTC] alexandra at zend dot com

There is a simple work-around to make this script work - there is a problem with the fact that you declared the $mydb var global in one function but not the other.
You can change the printPage() function to solve this issue.

function printPage()
    global $mydb;         
  $mydb = pdb_Connect();
  print "Possibly Crashing now... ";
  $results = odbc_exec($mydb, 'SELECT * FROM _PDB_Access');  
 [2008-02-17 17:22 UTC]
Possible fix:
 [2008-10-21 11:38 UTC]
Was that fix applied? Does this bug exist in PHP_5_2 branch still? If so, please update the version..
 [2008-10-21 22:32 UTC]
Well, I can't reproduce it.
 [2009-02-17 17:53 UTC] paul at quakenet dot org

I can reproduce this (5.3 branch) and the patch attached does't 
appear to fix this issue.

This issue only seems to occur when returning $mydb. If the 
odbc_pconnect is moved outside of pdb_Connect or the code function 
definition is changed to function &pdb_Connect(), the issue does not 

  $mydb = pdb_Connect();
Output is: resource(5) of type (odbc link persistent)

Changing the code to not return $mydb e.g. call odbc_pconnect within 
printPage, result of the var_dump is: resource(5) of type (Unknown)
 [2009-02-17 18:05 UTC] bhines at alumni dot ucsd dot edu
updated version.
 [2015-04-11 13:04 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2015-04-11 13:04 UTC]
Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at

As of PHP 5.4.19 at least, the bug has been fixed. Instead of
crashing, there is now a warning:

  Warning: odbc_exec(): SQLAllocStmt error 'Invalid Handle' in ...
  on line ...
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sun Nov 29 19:01:35 2015 UTC