Bug #45373 php crash on query with errors in params
Submitted: 2008-06-27 06:36 UTC Modified: 2008-10-06 15:09 UTC
From: max_wer at ukr dot net Assigned: felipe (profile)
Status: Closed Package: InterBase related
PHP Version: 5.2.6 OS: Windows XP SP2
Private report: No CVE-ID: None
 [2008-06-27 06:36 UTC] max_wer at ukr dot net
Description:
------------
PHP crashes
when
  count(params in ibase_execute()) > count(params in SQL-string) and
  query-type is not SELECT


Reproduce code:
---------------
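<?php
// Connect to the Firebird/InterBase sample database.
$db  = ibase_connect('127.0.0.1:employee', 'sysdba', 'masterkey');

// Two placeholders in the statement.
$sql = "update country set currency = ? where country = ? returning country, currency";
// Alternative statement, also with two placeholders:
// $sql = "select * from country where country = ? and currency = ?";

$t   = ibase_trans(IBASE_WRITE);
$q   = ibase_prepare($db, $t, $sql);
// Three values are bound to two placeholders: with the third parameter, SELECT is OK, UPDATE crashes.
$r   = ibase_execute($q, 'USA', 'Dollar', 0);

ibase_rollback($t);
ibase_close($db);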

Expected result:
----------------
must be error message


 [2008-07-01 06:27 UTC] lester at lsces dot co dot uk
I can confirm this is happening, but I also get a crash with the select rather than just update.
Unable to modify the SQL 'NOT' to give a crash - which is what I would probably expect, since only the number of parameters matters, not how they are used.
Firebird 2.0 and PHP5.2.5
 [2008-07-01 09:24 UTC] max_wer at ukr dot net
I beg your pardon. I was probably inattentive. A SELECT query crashes PHP too.
PHP 5.2.6 FIREBIRD 2.1.0
 [2008-10-04 22:54 UTC] felipe@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2008-10-06 08:35 UTC] max_wer at ukr dot net
SEE http://andryg.sumy.ua/musor/bug_45373.htm (this report - HTML version)

Thread 0 - System ID 3920
Entry point   php+2fc2 
Create time   06.10.2008 10:44:32 
Time spent in user mode   0 Days 0:0:0.15 
Time spent in kernel mode   0 Days 0:0:0.46 

Function     Arg 1     Arg 2     Arg 3   Source 
php_interbase+3bfc     00000000     102c169c     00000008    
php5ts!php_error_docref0+23     00000000     00000000     00000000    

PHP_INTERBASE+3BFC
WARNING - DebugDiag was not able to locate debug symbols for php_interbase.dll, so the information below may be incomplete.

In php__PID__3320__Date__10_06_2008__Time_10_44_43AM__679__Second_Chance_Exception_C0000005.dmp the assembly instruction at php_interbase+3bfc in d:\http\bin\php526\ext\php_interbase.dll from The PHP Group has caused an access violation exception (0xC0000005) when trying to read from memory location 0x00000004 on thread 0

Module Information 
Image Name: d:\http\bin\php526\ext\php_interbase.dll   Symbol Type:  Export 
Base address: 0x01a40000   Time Stamp:  Sat May 03 01:02:36 2008  
Checksum: 0x00000000   Comments:  Thanks to Jouni Ahto, Andrew Avdeev, Ard Biesheuvel 
COM DLL: False   Company Name:  The PHP Group 
ISAPIExtension: False   File Description:  InterBase 
ISAPIFilter: False   File Version:  5.2.6.6 
Managed DLL: False   Internal Name:  php_interbase.dll 
VB DLL: False   Legal Copyright:  Copyright © 1997-2007 The PHP Group 
Loaded Image Name:  php_interbase.dll   Legal Trademarks:  PHP 
Mapped Image Name:  d:\http\bin\php526\ext\php_interbase.dll   Original filename:  php_interbase.dll 
Module name:  php_interbase   Private Build:   
Single Threaded:  False   Product Name:  PHP php_interbase.dll 
Module Size:  68,00 KBytes   Product Version:  5.2.6 
Symbol File Name:  php_interbase.dll   Special Build:  &
 [2008-10-06 15:09 UTC] felipe@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2, 5.3 and HEAD.
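
On builds that predate the fix, the argument count can be checked in userland before the call reaches the extension. The following is an added example, not code from this report or from the PHP project; `checked_ibase_execute` is a hypothetical helper name, and the example assumes that avoiding the count mismatch avoids the crash described above.

```php
<?php
// Added example: refuse to call ibase_execute() when the number of bound
// values differs from the number of placeholders in the prepared statement.
// checked_ibase_execute() is a hypothetical helper, written without variadics
// so that it also runs on PHP 5.2.
function checked_ibase_execute($query /*, $bind_arg, ... */)
{
    $args     = func_get_args();
    $given    = count($args) - 1;          // first argument is the query handle
    $expected = ibase_num_params($query);  // placeholders in the prepared SQL

    if ($given !== $expected) {
        trigger_error(
            sprintf('Statement expects %d arguments, %d given', $expected, $given),
            E_USER_WARNING
        );
        return false;                      // the mismatched call never reaches the extension
    }

    return call_user_func_array('ibase_execute', $args);
}

// Same connection and statement as in the report: two placeholders.
$db = ibase_connect('127.0.0.1:employee', 'sysdba', 'masterkey');
$t  = ibase_trans(IBASE_WRITE);
$q  = ibase_prepare(
    $db,
    $t,
    'update country set currency = ? where country = ? returning country, currency'
);

// Three values for two placeholders: rejected with a warning, returns false.
$rejected = checked_ibase_execute($q, 'USA', 'Dollar', 0);

// Two values for two placeholders: passed through to ibase_execute().
$result = checked_ibase_execute($q, 'USA', 'Dollar');

ibase_rollback($t);
ibase_close($db);
```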
 
Last updated: Wed Sep 26 10:01:25 2018 UTC