Bug #42068 zend_mm_heap corrupted error when freeing resultset (Works with PDO ODBC)
Submitted: 2007-07-22 14:17 UTC Modified: 2009-11-16 01:00 UTC
Votes:14
Avg. Score:4.2 ± 1.2
Reproduced:11 of 12 (91.7%)
Same Version:3 (27.3%)
Same OS:6 (54.5%)
From: macuyiko at gmail dot com Assigned:
Status: No Feedback Package: ODBC related
PHP Version: 5.2.3 OS: Linux (64bit)
Private report: No CVE-ID: None
 [2007-07-22 14:17 UTC] macuyiko at gmail dot com
Description:
------------
Using Intersystems' Cache 64 bit ODBC driver (libcacheodbc.so) with unixODBC causes PHP 5.2.3 to crash. (I never had a problem with the 32 bit driver.) Also, using another ODBC tool, like isql, works fine.

I have managed to track down this problem in PHP's source code: in php_odbc.c, in the function PHP_FUNCTION(odbc_free_result), there are the following lines:

//...start fragment...
ZEND_FETCH_RESOURCE(result, odbc_result *, pv_res, -1, "ODBC result", le_result);
if (result->values) {
 for (i = 0; i < result->numcols; i++) {
  if (result->values[i].value) { 
   efree(result->values[i].value);
  }
 }
 efree(result->values);
 result->values = NULL;
}
//...end fragment...

Commenting out the line:
efree(result->values);
causes PHP to segfault.

Commenting out the line:
efree(result->values[i].value);
still gives the zend_mm_heap corrupted error.

When I comment out both lines, the problem disappears. But I fear that this might not be good practice.

So what could be causing this problem? It is only with the 64 bit driver/PHP/Linux that this error occurs. Using the 32 bit driver works. Other databases' ODBC drivers work fine too.

Note: this error was also present in PHP 5.2.1. In PHP 5.1.6, I got a "glibc double free detected"-error.

Reproduce code:
---------------
<?php
echo "Opening connection...\n";
$connection = odbc_connect($dsn,"",""); //connect to dsn
echo "Executing SQL...\n";
$result = odbc_do($connection,$sqlstring);
//optional code to do something with resultset here
/* the following line crashes PHP with zend_mm_heap corrupted;
commenting out this line doesn't help (since the result will be freed
automatically anyway) */
echo "Freeing...\n";
odbc_free_result($result);
echo "Closing...\n";
odbc_close($connection);
echo "Done.\n";
?>

Expected result:
----------------
Opening connection...
Executing SQL...
Freeing...
Closing...
Done.

Actual result:
--------------
Opening connection...
Executing SQL...
Freeing...
zend_mm_heap corrupted
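
An added illustration (not part of the bug report or of PHP's source) of why skipping both efree() calls makes the message go away without repairing anything: a checking allocator inspects a block's guard words only when the block is freed. The allocator, the names g_alloc, g_free, fill_column and run, and the overrun itself are constructed for this sketch and are not a diagnosis of this bug.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 0xC0DEFACEu

/* Toy checking allocator (constructed; not Zend MM).
 * Layout: [hdr_t][payload of `size` bytes][tail guard]. */
typedef struct { size_t size; uint32_t guard; } hdr_t;

static void *g_alloc(size_t n) {
    unsigned char *p = malloc(sizeof(hdr_t) + n + sizeof(uint32_t));
    hdr_t h = { n, GUARD };
    uint32_t tail = GUARD;
    if (!p) return NULL;
    memcpy(p, &h, sizeof h);
    memcpy(p + sizeof h + n, &tail, sizeof tail);
    return p + sizeof h;
}

/* The guards are inspected only here: 0 = intact, -1 = block was overrun. */
static int g_free(void *payload) {
    unsigned char *p = (unsigned char *)payload - sizeof(hdr_t);
    hdr_t h;
    uint32_t tail;
    memcpy(&h, p, sizeof h);
    memcpy(&tail, (unsigned char *)payload + h.size, sizeof tail);
    free(p);
    return (h.guard == GUARD && tail == GUARD) ? 0 : -1;
}

/* Constructed stand-in for any writer that stores `written` bytes. */
static void fill_column(char *buf, size_t written) { memset(buf, 'A', written); }

/* do_free = 0 models commenting out the free: returns 1, nothing is checked. */
static int run(size_t bufsize, size_t written, int do_free) {
    char *value = g_alloc(bufsize);
    if (!value) return -2;
    fill_column(value, written);      /* may spill into the tail guard */
    if (!do_free) return 1;           /* block leaks, damage goes unreported */
    return g_free(value);
}

int main(void) {
    printf("fits, freed:       %d\n", run(16, 16, 1));  /* 0  */
    printf("overrun, freed:    %d\n", run(16, 18, 1));  /* -1 */
    printf("overrun, no free:  %d\n", run(16, 18, 0));  /* 1  */
    return 0;
}
```

In the third case the guard is damaged exactly as in the second; the only difference is that nothing ever looks at it.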

 [2007-07-24 12:01 UTC] jani@php.net
Try using the PDO ODBC instead. It is known to work better in most cases.
 [2007-07-24 14:25 UTC] macuyiko at gmail dot com
Using pdo-odbc works. I still use the normal odbc functions a lot though, but at least I have an alternative now.

I still wonder what could be causing this crash though.
 [2009-11-08 16:09 UTC] felipe@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

I can't reproduce it.
 [2009-11-16 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
Last updated: Fri Apr 26 12:01:30 2024 UTC