Bug #43578 Incurred fault #6 - if returned text field is empty
Submitted: 2007-12-12 10:28 UTC Modified: 2010-08-28 16:59 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:1 of 2 (50.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: schulmat at cms dot hu-berlin dot de Assigned: thekid (profile)
Status: Closed Package: Sybase-ct (ctlib) related
PHP Version: 5.2.5 OS: Solaris 9/10
Private report: No CVE-ID: None
 [2007-12-12 10:28 UTC] schulmat at cms dot hu-berlin dot de
Description:
------------
The problem can be reproduced on Solaris 9 and Solaris 10.
If I compile php with
./configure \
--prefix=/usr/local/wwwbin/php-5.2.5 \
--with-apxs2=/usr/local/wwwbin/apache/bin/apxs \ (Apache 2.2.6)
--with-sybase-ct=/opt/csw (freetds-version 0.64 from blastwave)

and perform this simple query:
select DC_Rights from Resource R where R.Resource_ID = 123; 
(DC_Rights is of type text, Resource_ID = 123 exists, should return "" (empty), not NULL; works via tsql)
I get "Incurred fault #6".

Reproduce code:
---------------
<?php
 require("DBConnection.cls.php");  // database connection
 $db=new DBConnection();           // new object

 $test = "set textsize 262144";
 echo $test."<br />";
 //$db->submitQuery($test); flush();

 $query = "select DC_Rights from Resource R where R.Resource_ID = 122"; // expected Result: NULL
 flush();
 $res_id = $db->submitQuery($query); // works!

 $query = "select DC_Rights from Resource R where R.Resource_ID = 123"; // expected Result: ""
 flush();
 $res_id = $db->submitQuery($query); // doesn't work. Apache: Segmentation fault (11)

 echo "done!"; 
 flush(); 
 exit();
?>

Expected result:
----------------
set textsize 262144
select DC_Rights from Resource R where R.Resource_ID = 122
select DC_Rights from Resource R where R.Resource_ID = 123
done!

Actual result:
--------------
Output:
Warning: sybase_connect() [function.sybase-connect]: Sybase: Server message: Changed client character set setting to 'iso_1'. (severity 10, procedure N/A) in /usr/local/htdocs/DBConnection.cls.php on line 7

Warning: sybase_connect() [function.sybase-connect]: Sybase: Server message: Changed database context to 'metadb'. (severity 10, procedure N/A) in /usr/local/htdocs/DBConnection.cls.php on line 7

Warning: sybase_select_db() [function.sybase-select-db]: Sybase: Server message: Changed database context to 'metadb'. (severity 10, procedure N/A) in /usr/local/htdocs/DBConnection.cls.php on line 10
set textsize 262144
select DC_Rights from Resource R where R.Resource_ID = 27397
select DC_Rights from Resource R where R.Resource_ID = 20676
truss output php-cli:
time()                                          = 1197455005
pollsys(0xFFBFE900, 1, 0x00000000, 0x00000000)  = 1
read(4, "FD\0\0\002\0\0\0\0", 9)                = 9
time()                                          = 1197455005
time()                                          = 1197455005
sigaction(SIGPIPE, 0xFFBFEBA0, 0xFFBFEC40)      = 0
pollsys(0xFFBFEBE8, 1, 0x00000000, 0x00000000)  = 1
write(4, "0F01\018\0\0\0\0 !\0\0\0".., 24)      = 24
sigaction(SIGPIPE, 0xFFBFEBA0, 0xFFBFEC40)      = 0
time()                                          = 1197455005
pollsys(0xFFBFEA08, 1, 0x00000000, 0x00000000)  = 1
read(4, "0401\0 r\0\0\0\0", 8)                  = 8
time()                                          = 1197455005
time()                                          = 1197455005
pollsys(0xFFBFEA08, 1, 0x00000000, 0x00000000)  = 1
read(4, "E3\00F0106 m e t a d b06".., 106)      = 106
time()                                          = 1197455005
write(1, "\n W a r n i n g :   s y".., 177)     = 177

Warning: sybase_select_db(): Sybase:  Server message:  Changed database context to 'metadb'.
 (severity 10, procedure N/A) in /usr/local/htdocs/DBConnection.cls.php on line 10
write(1, " s e l e c t   D C _ R i".., 64)      = 64
time()                                          = 1197453664
sigaction(SIGPIPE, 0xFFBFEBA0, 0xFFBFEC40)      = 0
pollsys(0xFFBFEBE8, 1, 0x00000000, 0x00000000)  = 1
write(4, "0F01\0 J\0\0\0\0 !\0\0\0".., 74)      = 74
sigaction(SIGPIPE, 0xFFBFEBA0, 0xFFBFEC40)      = 0
time()                                          = 1197453664
pollsys(0xFFBFEA08, 1, 0x00000000, 0x00000000)  = 1
read(4, "0401\0 ;\0\0\0\0", 8)                  = 8
time()                                          = 1197453664
time()                                          = 1197453664
pollsys(0xFFBFEA08, 1, 0x00000000, 0x00000000)  = 1
read(4, "EE\0 !\001\t D C _ R i g".., 51)       = 51
time()                                          = 1197453664
write(1, " s e l e c t   D C _ R i".., 64)      = 64
time()                                          = 1197453664
sigaction(SIGPIPE, 0xFFBFEBA0, 0xFFBFEC40)      = 0
pollsys(0xFFBFEBE8, 1, 0x00000000, 0x00000000)  = 1
write(4, "0F01\0 J\0\0\0\0 !\0\0\0".., 74)      = 74
sigaction(SIGPIPE, 0xFFBFEBA0, 0xFFBFEC40)      = 0
time()                                          = 1197453664
pollsys(0xFFBFEA08, 1, 0x00000000, 0x00000000)  = 1
read(4, "0401\0 W\0\0\0\0", 8)                  = 8
time()                                          = 1197453664
time()                                          = 1197453664
pollsys(0xFFBFEA08, 1, 0x00000000, 0x00000000)  = 1
read(4, "EE\0 !\001\t D C _ R i g".., 79)       = 79
time()                                          = 1197453664
    Incurred fault #6, FLTBOUNDS  %pc = 0xFEC40E48
      siginfo: SIGSEGV SEGV_MAPERR addr=0x004DE000
    Received signal #11, SIGSEGV [default]
      siginfo: SIGSEGV SEGV_MAPERR addr=0x004DE000

 [2008-11-09 10:47 UTC] thekid@php.net
I added a testcase for this bug but am currently not able to reproduce this issue. See:

http://cvs.php.net/viewvc.cgi/php-src/ext/sybase_ct/tests/bug43578.phpt?revision=1.1.2.1&view=markup&pathrev=PHP_5_3
 [2009-04-27 15:57 UTC] jani@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2009-05-05 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2010-01-15 22:27 UTC] darrick at davismedia dot org
I get the following after running the test case:

PHP Warning:  Module 'pdo_mysql' already loaded in Unknown on line 0
bool(true)
bool(true)
bool(true)
bool(true)
>>> Query: select DC_Rights from #Resource where Resource_ID = 122
<<< Return: resource
array(0) {
}
>>> Query: select DC_Rights from #Resource where Resource_ID = 123
<<< Return: resource
array(1) {
  [0]=>
  array(1) {
    ["DC_Rights"]=>
    NULL
  }
}
>>> Query: select DC_Rights from #Resource where Resource_ID = 124
Segmentation fault: 11 (core dumped)

This is on 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 10:35:36 UTC 2008     root@driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64

But, I also have the same trouble on a ubuntu box.

PHP 5.2.12 with Suhosin-Patch 0.9.7 (cli) (built: Jan  9 2010 14:15:45) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
    with eAccelerator v0.9.5.3, Copyright (c) 2004-2006 eAccelerator, by eAccelerator

tds version = 7.0 and tds_version = 8.0 both fail

Database is MSSQL Server Express Edition version 9.00.1399.06

The following patch fixes the issue but it's a hack.  I compiled php5-sybase_ct with debug enabled and the seg fault occurred at line 1208.

--- php_sybase_ct2.c	2010-01-15 14:03:13.000000000 -0800
+++ php_sybase_ct.c	2010-01-15 14:00:15.000000000 -0800
@@ -1205,6 +1205,7 @@ static int php_sybase_fetch_result_row (
 					
 					default: {
 						/* This indicates anything else, return it as string */
+                     if(result->lengths[j] < 1){result->lengths[j]=1;}
 						ZVAL_STRINGL(&result->data[i][j], result->tmp_buffer[j], result->lengths[j]- 1, 1);
 						break;
 					}
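Review bot: the clamp `if(result->lengths[j] < 1){result->lengths[j]=1;}` stops `result->lengths[j]- 1` from going negative for an empty text value, but it does so by rewriting the length ct_bind reported rather than handling the empty case explicitly; branching on `result->lengths[j] < 1` (or on the ct_bind indicator, per the theory in the comment) and emitting an empty string directly, e.g. `ZVAL_STRINGL(&result->data[i][j], "", 0, 1);`, keeps the reported length intact and makes the intent readable. The new line also uses space indentation while the surrounding lines use tabs, and it carries no comment explaining why a length below 1 can occur; if the other `case` arms of this switch do the same `- 1` subtraction they need the same guard.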

My guess is ct_bind is returning an indicator of -1 on some systems for text fields == '', so there is no seg fault, while on systems which seg fault the indicator from ct_bind is 0 for text fields == ''.
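The length arithmetic behind the crash, as an added illustration in C (not code from PHP's ext/sybase_ct or from the patch above): the function names, the `TMP_BUF_SIZE` constant and the cell values are made up for this example, which contrasts the original `lengths[j] - 1` computation with a version that handles a NULL indicator and a zero length.

```c
/* Added illustration (not code from PHP's ext/sybase_ct): models the
 * length arithmetic in php_sybase_fetch_result_row that the patch above
 * touches.  ct_bind hands back a buffer, a length that counts the NUL
 * terminator, and an indicator (-1 for SQL NULL, 0 for data present).
 * The function names and TMP_BUF_SIZE are made up for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TMP_BUF_SIZE 16   /* stands in for the size of result->tmp_buffer[j] */

/* Original computation: lengths[j] - 1 is handed to ZVAL_STRINGL as the
 * string length, where it ends up as an unsigned copy size.  For an empty
 * text column reported with length 0 this wraps to SIZE_MAX. */
static size_t unsafe_cell_len(int32_t len) {
    return (size_t)(len - 1);
}

/* Hardened version: a NULL indicator or a length below 1 is an empty
 * string, and the result can never exceed the buffer that holds it. */
static size_t safe_cell_len(int32_t len, int16_t indicator) {
    if (indicator < 0 || len < 1)
        return 0;
    size_t n = (size_t)len - 1;
    return n < TMP_BUF_SIZE ? n : TMP_BUF_SIZE - 1;
}

/* 1 if the original arithmetic would read past tmp_buffer for this cell. */
static int would_overread(int32_t len) {
    return unsafe_cell_len(len) >= TMP_BUF_SIZE;
}

int main(void) {
    /* Constructed cells mirroring the report: a NULL row (id 122), an
     * empty text value (id 123, the crashing case) and a normal value.
     * Per the comment's theory, the -1 indicator never reaches the
     * subtraction in the real code; here it only shows the raw arithmetic. */
    struct { const char *what; int32_t len; int16_t ind; } cells[] = {
        { "NULL",       0, -1 },
        { "empty text", 0,  0 },
        { "'abc'",      4,  0 },
    };
    for (size_t i = 0; i < sizeof cells / sizeof cells[0]; i++) {
        printf("%-11s len=%d ind=%d  original=%zu%s  hardened=%zu\n",
               cells[i].what, cells[i].len, cells[i].ind,
               unsafe_cell_len(cells[i].len),
               would_overread(cells[i].len) ? " (out of bounds)" : "",
               safe_cell_len(cells[i].len, cells[i].ind));
    }
    return 0;
}
```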
 [2010-08-28 16:59 UTC] thekid@php.net
-Status: No Feedback +Status: Closed